Hungary

Debt collector

1,560 €

GDPR enforcement action by Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) on 2019-02-20.

Rank · Sector

#294

of 322 in Finance, Insurance and Consulting

Rank · Hungary

#55

of 75

Rank · All fines

#2,475

of 3,050

Case details

Authority: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)
Date: 2019-02-20
Controller / Processor: Debt collector
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) a) GDPR, Art. 5 (1) c) GDPR
Type of violation: Non-compliance with general data processing principles

Summary

A data subject requested information about and erasure of the data processed, which the debt collector refused stating that it could not identify the subject. For identification purposes he requested place of birth, mother’s maiden name and further details from the data subject. After the controller succeeded to identify the data subjects he refused to comply with the deletion request, arguing he is legally obliged to retain backup copies according to the Accountancy Act and internal policies. Since he did not properly inform about these policies, the NAIH held the controller breached the principle of transparency. The fine constitutes 0.0025% of the annual profit of the controller.

Open original source Links to the regulator's original publication or another source.