Belgium

Law Firm

4,920 €

GDPR enforcement action by Belgian Data Protection Authority (APD) on 2026-05-08.

Rank · Sector

#237

of 322 in Finance, Insurance and Consulting

Rank · Belgium

#38

of 50

Rank · All fines

#1,851

of 3,050

Case details

Authority: Belgian Data Protection Authority (APD)
Date: 2026-05-08
Controller / Processor: Law Firm
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) a) GDPR, Art. 12 (2), (4) GDPR, Art. 13 GDPR, ARt. 14 GDPR, Art. 15 GDPR
Type of violation: Insufficient fulfilment of data subjects rights

Summary

The Belgian DPA has imposed a fine of EUR 4,920 on a law firm. The controller had a client relationship with the data subject. After the relationship ended, the data subject's daughter requested access to their personal data on behalf of the data subject. Initially, the controller denied the request, citing doubts about the data subject's identity. Later, the controller asked the data subject to pay EUR 135 to process the data access request, on the grounds that it had been excessive or manifestly unfounded. Finally, the controller failed to adequately inform data subjects about data processing due to the absence of a privacy policy on the controller's website or another method of informing data subjects.

Open original source Links to the regulator's original publication or another source.