Debt collection service provider – €900,000 Fine (Germany, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A debt collection service provider in Germany was fined €900,000 for keeping personal data longer than allowed. They stored this data for up to five years after they should have deleted it. This case highlights the importance of following data retention rules to avoid hefty fines.
What happened
The company unlawfully stored personal data for up to five years after the erasure deadlines.
Who was affected
Individuals whose personal data was stored by the debt collection service provider.
What the authority found
The DPA ruled that the company violated GDPR rules by not deleting personal data in a timely manner.
Why this matters
This case serves as a warning to businesses about the importance of adhering to data retention policies. Companies should regularly review their data storage practices to ensure compliance.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The DPA of Hamburg has imposed a fine of EUR 900,000 on a debt collection service provider. The company had unlawfully stored personal data (amounting to a six-digit number of data records) for up to five years after the erasure deadlines. The company admitted the violation, cooperated with the authorities and accepted the fine.
Related Enforcement Actions (0)
No other enforcement actions found for Debt collection service provider in DE
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
12 November 2024
Authority
Bundesbeauftragter für den Datenschutz
Fine Amount
€900,000
Enforcement Tracker ID
ETid-2487
About this data
Cite as: Cookie Fines. Debt collection service provider - Germany (2024). Retrieved from cookiefines.eu
Last updated: