Belgium
Accountancy Firm
8,500 €
GDPR enforcement action by Belgian Data Protection Authority (APD) on 2026-04-23.
Rank · Sector
#102
of 213 in Employment
Rank · Belgium
#30
of 50
Rank · All fines
#1,492
of 3,050
Case details
- Authority
- Belgian Data Protection Authority (APD)
- Date
- 2026-04-23
- Controller / Processor
- Accountancy Firm
- Sector
- Employment
- Quoted Articles
- Art. 5 (1) a) GDPR, Art. 6 (1) GDPR, Art. 12 (2), (3) GDPR, Art. 17 (1) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The Belgian DPA has imposed a fine of EUR 8,500 on a accountancy firm. Following the termination of an employment contract, the controller failed to deactivate the former employee's personal work email address for a long time. Even after the former employee requested that the controller delete this data, the controller did not react. Additionally, the controller did not set up an automatic response to inform senders that the data subject is no longer working for the company, resulting in emails continuously being sent to the former employee's email address.
Open original source
Links to the regulator's original publication or another source.
Related fines
Belgium
2020-07-14
600,000 €
ETid-344
Google Belgium SA
Media, Telecoms and Broadcasting
Belgium
2022-04-04
200,000 €
ETid-1116
Brussels Airport Zaventem
Transportation and Energy
Belgium
2024-12-17
200,000 €
ETid-2521
Hospital
Health Care
Belgium
2026-05-12
177,000 €
ETid-3172
Technology Company
Employment
Belgium
2024-01-16
174,640 €
ETid-2225
Black Tiger Belgium
Industry and Commerce
Belgium
2026-05-12
120,000 €
ETid-3174
Isabel SA
Finance, Insurance and Consulting