Budapest Bar Association – Complaint Upheld (Hungary, 2022)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Hungarian data protection authority upheld a complaint against the Budapest Bar Association for not providing timely access to a former member's personal data. This case highlights the importance of responding to data access requests promptly under GDPR rules.
What happened
The Budapest Bar Association failed to provide timely access to a former member's personal data upon request.
Who was affected
A former member of the Budapest Bar Association who requested information about their account balance and membership termination.
What the authority found
The authority found that the Budapest Bar Association violated GDPR by not responding to the data access request within the required timeframe.
Why this matters
This decision emphasizes that organizations must handle data access requests promptly and transparently, reinforcing the rights of individuals to access their personal data under GDPR.
GDPR Articles Cited
The data subject had been a member of the Budapest Bar Association (the controller) until 2011 when their membership was terminated after their failure to pay their membership fees in time. On 1 October 2020, the data subject requested information about their account balance and the decision on the termination of their membership. After they did not receive the information asked for, they sent another request to the controller on 12 December 2020, referring to Article 15(1) GDPR, and asking for information relating to their account balance, the amount of their debt, the legal basis of the registered debt and the existence of the suspension and termination decisions. On 4 February 2021, the data subject complained to the DPA that the controller did not provide them with access to this information which constituted their personal data. In its submission to the DPA, the controller claimed that the data subject’s communication from 1 October 2020 did not qualify as an access request within the meaning of the GDPR. Additionally, the request from 12 December 2020 was only received by the controller on 23 December 2020. Since the offices of the controller were closed between 19 December 2020 and 3 January 2021, the controller claimed that the time limit for complying with the access request only started running on 4 January 2021. The controller claimed that due to the complexity of the request, it was entitled to extending the deadline by additional two months as provided for in Article 12(3) GDPR. Hence, the controller considered itself to have properly provided access to the data subject within the time limit when it replied to the data subject’s request on 2 April 2021. The DPA held that the controller violated Article 15(1) and (3) and Article 12(3) GDPR. The DPA considered the communication sent by the data subject on 1 October 2020 to be too general to qualify as an access request. On the other hand, it regarded the communication sent on 12 December 2020 and re
Outcome
Complaint Upheld
A data subject complaint that was upheld by the DPA.
Related Enforcement Actions (0)
No other enforcement actions found for Budapest Bar Association in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Decision Date
16 May 2022
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
GDPRhub ID
gdprhub-5032About this data
Cite as: Cookie Fines. Budapest Bar Association - Hungary (2022). Retrieved from cookiefines.eu
Last updated: