XX – €5,000 Fine (Italy, 2020)
The Italian Data Protection Authority fined a company €5,000 for not allowing a person to access their own data, as required by GDPR. This case shows that even public bodies must respect individuals' rights to access their personal information. Businesses should ensure they have processes in place to handle such requests promptly.
What happened
A company was fined for not allowing a person to access their personal data, violating GDPR's right of access.
Who was affected
An individual who was denied access to their personal data by the Istituto Nazionale per la previdenza Sociale (INPS).
What the authority found
The Italian Data Protection Authority determined that the company violated the individual's right to access their data under GDPR.
Why this matters
This case underscores the need for companies, including public bodies, to comply with data access requests. It serves as a reminder to implement clear procedures for handling such requests to avoid penalties.
GDPR Articles Cited
Entities Involved
The case concerned a violation of the right of access, unrelated to cookies or consent mechanisms.
Violations (1)
Non-essential cookies (tracking, advertising) are placed on the user's device before obtaining valid consent.
Art. 6(1) GDPR
Related Enforcement Actions (1)
Other enforcement actions involving XX in IT
Similar Cases
Enforcement actions with similar violations
Details
Fine Date
2 July 2020
Authority
Garante per la protezione dei dati personali
Fine Amount
€5,000
GDPRhub ID
gdprhub-2661About this data
Cite as: Cookie Fines. XX - Italy (2020). Retrieved from cookiefines.eu
Last updated: