Croatia

Telecommunications company

20,000 €

GDPR enforcement action by Croatian Data Protection Authority (azop) on Unknown.

Rank · Sector

#280

of 369 in Media, Telecoms and Broadcasting

Rank · Croatia

#21

of 43

Rank · All fines

#1,074

of 3,050

Case details

Authority: Croatian Data Protection Authority (azop)
Date: Unknown
Controller / Processor: Telecommunications company
Sector: Media, Telecoms and Broadcasting
Quoted Articles: Art. 6 (1) GDPR, Art. 5 (1) d) GDPR
Type of violation: Insufficient legal basis for data processing

Summary

The Croatian DPA (azop) has imposed a fine of EUR 20,000 on a telecommunications company. A data subject had filed a complaint with the DPA claiming that the company was still processing their personal data even though they had not been a customer of the company for more than ten years. During its investigation, the DPA found that the company had still been storing the data due to an alleged debt. The debt was no longer outstanding, however, the company had failed to delete the data of the data subject due to a lack of measures to regularly verify that the stored data was up to date and accurate. The DPA concluded that the company had unlawfully processed the data and violated Art. 6 (1) GDPR in relation to Art. 5 (1) d) GDPR.

Open original source Links to the regulator's original publication or another source.