Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider) – €288,000 Fine (Hungary, 2020)

€288,000Nemzeti Adatvédelmi és Információszabadság Hatóság12 June 2020Hungary
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Digi was fined for keeping too much customer data without a clear purpose or retention period. This is important because companies must limit data storage to what's necessary and secure it properly.

What happened

Digi stored excessive customer data without setting retention periods and failed to implement adequate security measures.

Who was affected

Customers whose outdated or unnecessary personal data were stored by Digi.

What the authority found

The authority found Digi violated GDPR by not limiting data storage and failing to secure customer data properly.

Why this matters

This case underscores the need for businesses to regularly audit their data retention policies and ensure they only keep data for as long as necessary. Proper data security measures must also be in place to protect stored information.

GDPR Articles Cited

AI-verified

Art. 5(1)(b) GDPR
Art. 5(1)(e) GDPR
Art. 32(1) GDPR
Art. 32(2) GDPR
View original scraped data
Art. 5(1)(b) GDPR
(e) GDPR
Art. 32(1) GDPR
(2) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
amount discrepancy
Hungary enforcementNemzeti Adatvédelmi és Információszabadság Hatóság actionsAll Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider) actions
Full Legal Summary
Detailed

The company had infringed the principles of purpose limitation and storage restriction because its database contained a large amount of customer data which were no longer relevant for the actual purpose of collection and for which no retention period had been set. Furthermore, the NAIH pointed out that the defendant had not taken proportionate measures to reduce the risks in the area of data management and data security, arguing, inter alia, that it had not used encryption mechanisms.

Related Enforcement Actions (0)

No other enforcement actions found for Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider) in HU

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 June 2020

Authority

Nemzeti Adatvédelmi és Információszabadság Hatóság

Fine Amount

€288,000

Enforcement Tracker ID

ETid-313

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider) - Hungary (2020). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: