T.S.M. Srl. – €40,000 Fine (Italy, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
T.S.M. Srl. in Italy was fined for not properly responding to a person's requests about their personal data. This case is significant because it emphasizes the importance of clear communication and compliance with data protection laws. Companies should ensure they have processes in place to handle data requests effectively.
What happened
T.S.M. Srl. failed to adequately respond to a person's requests for access to their data and to object to its processing.
Who was affected
The individual who made the requests regarding their personal data was affected by T.S.M.'s lack of response.
What the authority found
The Italian Data Protection Authority found that T.S.M. did not fulfill its obligations to respond to the individual's data requests as required by GDPR.
Why this matters
This ruling highlights the need for companies to have robust procedures for handling personal data requests. Failure to comply can lead to significant penalties and loss of customer trust.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
The data subject was contacted by cleaning tool company T.S.M. Srl. (the controller) to take part in a professional course, and received various forms to be filled in. The company was not able to answer the data subject properly regarding its involvement in the processing of the data required in the forms. The data subject decided to address the company with requests to exercise their rights to access, to object and to erasure of personal data. T.S.M. replied confirming the deletion of personal data, but did not provide a proper response regarding the right of access and the right to object. Based on the company's lack of response to these requests, the data subject filed a complaint with the Italian DPA (Garante). The Garante noted T.S.M.'s lack of participation in the proceedings, and neither asked to be heard, nor answered requests made in this sense by the Garante. The Garante held that this lack of cooperation was in breach of Articles 157 and 166 of the [https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9740796 Italian Code of Privacy]. Nevertheless, the Garante found that the documentation attached to the complaint was sufficient to prove the controller's responsibility in this case. According to the Garante, the mere deletion of the personal data pursuant to Article 17 GDPR did not exhaust the controller's duties regarding the data subject's requests. The Garante held that T.S.M. should have provided the data subject with information related to the origin of the personal data, the processing activities carried out, and any other recipients of the data, pursuant to Articles 13 and Article 15 GDPR. Additionally, the Garante highlighted that T.S.M. should have confirmed the receipt of the request to object to further processing, and granted the data subject's right under Article 21 GDPR. Based on these considerations, the Garante issued a fine of €40,000 on T.S.M. for the violation of Articles 13 and Article 15 and 21 GDPR, as
Related Enforcement Actions (0)
No other enforcement actions found for T.S.M. Srl. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
27 January 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€40,000
GDPRhub ID
gdprhub-4674About this data
Cite as: Cookie Fines. T.S.M. Srl. - Italy (2022). Retrieved from cookiefines.eu
Last updated: