Czech Republic
Legal Person
400 €
GDPR enforcement action by Czech Data Protection Auhtority (UOOU) on 2020-09-25.
Rank · Sector
#201
of 218 in Not assigned
Rank · Czech Republic
#59
of 73
Rank · All fines
#2,916
of 3,050
Case details
- Authority
- Czech Data Protection Auhtority (UOOU)
- Date
- 2020-09-25
- Controller / Processor
- Legal Person
- Sector
- Not assigned
- Quoted Articles
- Art. 5 (1) a), e) GDPR, Art. 13 (1) GDPR, Art. 28 (3) GDPR, Art. 30 GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Czech DPA has imposed a fine of EUR 400 on a legal person. Proceedings were initiated following an inspection carried out in response to a complaint. The accused processed and archived personal data for the purpose of offering services via a call centre. However, the data was processed without a valid legal basis. While the data subjects had purportedly given consent verbally over the phone, no evidence of this was available. Additionally, the accused used cookies in breach of the GDPR and engaged an external data processor without having a valid data processing agreement in place.
Open original source
Links to the regulator's original publication or another source.
Related fines
Czech Republic
2024-04-15
13,900,000 €
ETid-2298
Avast Software s.r.o.
Industry and Commerce
Czech Republic
2023-08-02
178,000 €
ETid-2592
Multiple website operators
Not assigned
Czech Republic
2021-01-04
118,500 €
ETid-513
Unknown
Industry and Commerce
Czech Republic
2021-01-20
26,710 €
ETid-2792
Legal Person
Not assigned
Czech Republic
2020-12-18
26,710 €
ETid-2793
Legal Person
Not assigned
Czech Republic
2020-09-30
20,050 €
ETid-2828
Legal Person
Industry and Commerce