Bulgaria

Bank

500 €

GDPR enforcement action by Bulgarian Commission for Personal Data Protection (KZLD) on 2018-12-04.

Rank · Sector

#318

of 322 in Finance, Insurance and Consulting

Rank · Bulgaria

#28

of 31

Rank · All fines

#2,845

of 3,050

Case details

Authority: Bulgarian Commission for Personal Data Protection (KZLD)
Date: 2018-12-04
Controller / Processor: Bank
Sector: Finance, Insurance and Consulting
Quoted Articles: Art. 5 (1) b) GDPR, Art. 6 GDPR
Type of violation: Insufficient legal basis for data processing

Summary

A fine of 1000 BGN (or roughly 500 EUR) was imposed on a bank for calling a client for the unresolved bills of his neighbor. This provoked the client to evoke his right to be forgotten. After not receiving any answer from the bank he filed another motion, for which the bank did take action in the statutory period. Nonetheless, the client filed a complaint to KZLD.

The infringement for which the bank was fined was for the processing of the client’s personal data was not linked to his consumer credit agreement. Since the purpose for which the data were processed was different from that communicated at the time of conclusion of the contract, the bank had, in the point of view of KZLD, to request additional consent from its client.

Open original source Links to the regulator's original publication or another source.