Iceland
Creditinfo Lánstraust hf.
257,000 €
GDPR enforcement action by Icelandic data protection authority ('Persónuvernd') on 2023-06-27.
Rank · Sector
#55
of 322 in Finance, Insurance and Consulting
Rank · Iceland
#1
of 22
Rank · All fines
#317
of 3,050
Case details
- Authority
- Icelandic data protection authority ('Persónuvernd')
- Date
- 2023-06-27
- Controller / Processor
- Creditinfo Lánstraust hf.
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 8 laga nr. 90/2018, Art. 9 laga nr. 90/2018
- Type of violation
- Insufficient legal basis for data processing
Summary
The Icelandic DPA has imposed a fine of EUR 257,000 on Creditinfo Lánstraust hf.. The controller had registered information on loan defaults even though the required registration conditions for this have not been in place. For instance, unpaid small loans were registered although they were below the required minimum amount. In assessing the fine, the fact that a large number of people were affected by the incident and that the controller was pursuing profits were considered aggravating factors.
Open original source
Links to the regulator's original publication or another source.
Related fines
Iceland
2023-07-03
81,000 €
ETid-1940
Heilsuveru
Health Care
Iceland
2021-11-23
51,000 €
ETid-916
Icelandic Ministry of Industry and Innovation
Public Sector and Education
Iceland
2023-06-27
51,000 €
ETid-1948
eCommerce 2020 ApS
Finance, Insurance and Consulting
Iceland
2022-05-03
36,000 €
ETid-1154
City of Reykjavík
Public Sector and Education
Iceland
2025-02-17
34,300 €
ETid-2602
Primary Health Care in the Capital Area
Health Care
Iceland
2021-06-15
34,000 €
ETid-740
Huppuís ehf
Employment