Financial company – €100,000 Fine (Belgium, 2021)

€100,000Autorité de Protection des Données26 April 2021Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Belgium fined a financial company EUR 100,000 after an employee accessed a credit register to gain personal information about his ex-wife. The company failed to protect personal data from unauthorized access. This case highlights the need for strong data security measures to prevent misuse.

What happened

A financial company employee unlawfully accessed a credit register to obtain personal data about his ex-wife.

Who was affected

An individual whose personal data was accessed without authorization by her ex-husband working at the financial company.

What the authority found

The Belgian DPA found the company failed to implement adequate measures to protect personal data from unauthorized access.

Why this matters

This case emphasizes the importance of implementing strong security measures to protect personal data and prevent unauthorized access, especially by employees.

GDPR Articles Cited

Art. 32 GDPR
Art. 5(1)(f) GDPR
Belgium enforcementAutorité de Protection des Données actionsAll Financial company actions
Full Legal Summary
Detailed

The Belgian DPA (APD) has imposed a fine of EUR 100,000 on a financial company. A data subject had filed two complaints with the APD against the company. They were based on 20 queries of her personal data from the credit register of the National Bank of Belgium. The controller employs the data subject's ex-husband, who allegedly used his role to unlawfully gain access to the register in order to obtain financial information about the data subject and thus gain an advantage in their divorce proceedings. As the DPA noted, the data protection violations occurred due to the fact that the controller had not taken adequate organizational measures to protect personal data from unauthorized processing.

Related Enforcement Actions (0)

No other enforcement actions found for Financial company in BE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 April 2021

Authority

Autorité de Protection des Données

Fine Amount

€100,000

Enforcement Tracker ID

ETid-664

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Financial company - Belgium (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: