Technology Company – €177,000 Fine (Belgium, 2026)

€177,000Autorité de Protection des Données12 May 2026Belgium
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Belgian technology company was fined €177,000 for not deleting a former employee's email account, which led to personal data being processed without proper legal grounds. This matters because it shows the importance of properly managing employee data and following legal requirements for data deletion.

What happened

The company failed to delete a former employee's email account, allowing personal data to be processed without a valid legal basis.

Who was affected

Former employees whose personal data was still accessible through their deactivated email accounts were affected.

What the authority found

The Belgian DPA found that the company did not have a valid legal basis for processing the personal data, violating several GDPR requirements.

Why this matters

This case highlights the need for companies to ensure they properly delete employee data when it's no longer needed. It serves as a reminder for businesses to review their data management practices.

GDPR Articles Cited

AI-verified

Art. 12(GDPR)
Art. 13(GDPR)
Art. 15(GDPR)
Art. 24(GDPR)
Art. 25(GDPR)
Art. 5(1)(a) GDPR
Art. 5(1)(b) GDPR
Art. 5(1)(c) GDPR
Art. 5(1)(e) GDPR
Art. 5(1)(f) GDPR
Art. 5(2) GDPR
Art. 6(1) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 6(1) GDPR
Art. 12(GDPR)
Art. 13(GDPR)

Original data from scraper before AI verification against source document.

Source verified 27 May 2026
articles corrected
date discrepancy
Belgium enforcementAutorité de Protection des Données actionsAll Technology Company actions
Full Legal Summary
Detailed

The Belgian DPA has imposed a fine of EUR 177,000 on a technology company. The controller failed to delete a former employee's email account, resulting in personal data being processed without sufficient legal basis. The controller only deactivated the email account after a certain period of time, which cannot be considered a deletion, which would have been necessary. Additionally, the controller failed to adequately inform the data subject regarding the processing.

Related Enforcement Actions (0)

No other enforcement actions found for Technology Company in BE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

12 May 2026

Authority

Autorité de Protection des Données

Fine Amount

€177,000

Enforcement Tracker ID

ETid-3172

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Technology Company - Belgium (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: