New York College S.A. – €5,000 Fine (Greece, 2020)

€5,000Hellenic Data Protection Authority29 June 2020Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

New York College S.A. was fined for making phone calls to people without properly explaining how their personal data was used. The college approached individuals as if it knew they were unemployed, which raised concerns. This ruling emphasizes the need for businesses to be clear and accountable about their data practices.

What happened

New York College made targeted phone calls to individuals without providing adequate information on how their personal data was processed.

Who was affected

Individuals who received unsolicited phone calls from New York College regarding a seminar for unemployed people.

What the authority found

The Hellenic Data Protection Authority found that the college violated GDPR's accountability principle by failing to prove the legality of its data processing.

Why this matters

This case serves as a reminder that organizations must be transparent about their data use. Companies should improve their communication and ensure they can justify their data processing activities.

GDPR Articles Cited

AI-verified

Art. 5(1)(a) GDPR
Art. 5(2) GDPR
Art. 6(1) GDPR
Art. 83(2) GDPR
View original scraped data
Art. 5(1)(a) GDPR
Art. 5(2) GDPR
Art. 6(1) GDPR
Art. 83(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 15 March 2026
verified correct
Greece enforcementHellenic Data Protection Authority actionsAll New York College S.A. actions
Full Legal Summary
Detailed

Data subject complained that the private college, New York College, made targeted phone call offering their participation in seminar for unemployed people. In the call the College approached them as if it knew their status as unemployed. The data subject had requested from the data controller information on how and why their personal data was processed but did not get any satisfying response. The HDPA held that according to the principle of accountability as provided for in Article 5(2) GDPR, the college as data controller has the burden of proof as to the lawfulness of processing. The HDPA found that the controller did not provide any information to this end, violating the principle of accountability. Moreover, the processing was conducted in an opaque way with regard to both its general policy and dealing with the data subject's request in particular. The HDPA ordered the controller to bring its processing operations into compliance with the GDPR and take all necessary measures to full internal compliance and accountability as foreseen in Articles 5(1) and (2) and 6(1) GDPR. Finally, it imposed the fine of € 5.000.

Related Enforcement Actions (0)

No other enforcement actions found for New York College S.A. in GR

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

29 June 2020

Authority

Hellenic Data Protection Authority

Fine Amount

€5,000

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. New York College S.A. - Greece (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: