![]() ![]() Information on the consumer behaviour of the customers, the pick-up and return points, could therefore be attributed to a private person up to five years after a taxi tariff. However, the company deleted the names of its passengers from all its records after two years, while the passengers' telephone numbers were deleted only after five years. According to the taxi company, the stored personal data of customers should be anonymised after two years. In October 2018, the Danish Data Protection Authority notified the police about a taxi company and proposed a fine (of DKK 1.2 million) for non-compliance with the principle of data minimisation. Non-compliance with general data processing principles and principles of data minimisation - Proposed fine Please note: As Danish law does not provide for administrative penalties as in the GDPR (unless the case is straightforward and the accused person has given consent), fines are imposed by the courts.Īuthority: Danish Data Protection Authority (Datatilsynet)Īrt. 385,000 customers for longer than the Danish Data Protection Authority considered necessary. 5(1)(e), as the company had stored the personal data of approx. EUR 201,000) for non-compliance with the principle of storage limitation, cf. The Danish Data Protection Authority reported the company to the police and proposed a fine of DKK 1.5 million (approx. However, the deadline for anonymisation had not yet been implemented because the data controller had not sufficiently documented his procedures for deleting the personal data. The company had set a deadline for the anonymisation of customer information, which was set to 912 days (corresponding to the guarantee period). Consequently, the personal data was never deleted from the old system. The furniture company had not assessed the need for data storage and had not set any retention periods. ![]() In three of the stores however, the old system was still being used, which meant that information on approximately 385,000 customer names, addresses, telephone numbers, e-mail addresses and purchasing history was processed. The company implemented a new computer system in several of its furniture stores in Denmark. The inspection focused on the limitation of storage according to Article 5(1)(e) GDPR. October 2018: The Danish Data Protection Authority completed a planned inspection visit to a furniture company. INPLP Partner: NJORD Advokatpartnerselskabįailure to comply with the principle of storage limitation - Proposed fine The bank was not in a position to provide the Czech Data Protection Authority with the documents necessary to prove that the contract with the data subject had been concluded.Īuthority: Czech Data Protection Auhtority (UOOU) The bank allegedly had his or her personal data at its disposal because the data subject had access to his or her employer's company account. The Bank has opened a personal bank account for a person concerned without their consent or knowledge. Insufficient legal basis for data processing INPLP Partner: Nielsen Legal, advokátní kancelář, s. Organization: UniCredit Bank Czech Republic and Slovakia, a.s. ![]()
0 Comments
Leave a Reply. |
Details
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |