Hungary
Digi Távközlési Szolgáltató Kft. ("Digi") (electronic communication service provider)
288,000 €
GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2020-06-12.
Rank · Sector
#72
of 366 in Media, Telecoms and Broadcasting
Rank · Hungary
#2
of 73
Rank · All fines
#305
of 3,042
Case details
- Authority
- Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
- Date
- 2020-06-12
- Controller / Processor
- Digi Távközlési Szolgáltató Kft. ("Digi") (electronic communication service provider)
- Sector
- Media, Telecoms and Broadcasting
- Quoted Articles
- Art. 5 (1) b), (e) GDPR, Art. 32 (1), (2) GDPR
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The company had infringed the principles of purpose limitation and storage restriction because its database contained a large amount of customer data which were no longer relevant for the actual purpose of collection and for which no retention period had been set. Furthermore, the NAIH pointed out that the defendant had not taken proportionate measures to reduce the risks in the area of data management and data security, arguing, inter alia, that it had not used encryption mechanisms.
Open original source
Links to the regulator's original publication or another source.
Related fines
Hungary
2022-02-08
634,000 €
ETid-1244
Budapest Bank Zrt.
Finance, Insurance and Consulting
Hungary
2023-04-12
253,000 €
ETid-1804
Aldi
Industry and Commerce
Hungary
2023-06-22
205,000 €
ETid-2039
Digi Telecommunications and Services Ltd.
Media, Telecoms and Broadcasting
Hungary
2022-08-11
197,000 €
ETid-1493
AMPLIFON Hungary Trade and Service Provider LLC
Industry and Commerce
Hungary
2020-12-16
97,150 €
ETid-568
Unknown
Finance, Insurance and Consulting
Hungary
2019-05-23
92,146 €
ETid-61
Organizer of SZIGET festival and VOLT festival
Media, Telecoms and Broadcasting