Hungary
Local bank
GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-05-31.
Case details
- Authority
- Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
- Date
- 2019-05-31
- Controller / Processor
- Local bank
- Sector
- Finance, Insurance and Consulting
- Quoted Articles
- Art. 12 (3), (4), (5) GDPR, Art. 15 GDPR, Art. 18 GDPR
- Type of violation
- Insufficient fulfilment of data subjects rights
Summary
Customer of a local bank requested access to telephone conversation recordings as well as to CCTV recordings. The bank provided the copies of the recordings of telephone conversations and also provided the chance of reviewing the recordings at bank but rejected to provide copies of the CCTV recordings since the recordings also contained third parties personal data. The NAIH decided in this case that the bank failed to fulfil data subjects rights since it did not respond in due time and also failed to provide copies of the requested recordings. According to the NAIH, the controller could not refer the protection of third party data since the CCTV recordings affected public space open for every customer and the bank also could have anonymised certain parts of the recordings.
Related fines