UAB Medical Score – Complaint Upheld (Lithuania, 2025)

Complaint Upheld
Valstybine duomenu apsaugos inspekcija3 June 2025Lithuania
final
Complaint Upheld

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

UAB Medical Score failed to respond to a person's request for their data, which is required by law. The company claimed it didn't have any data on the person, but it still needed to inform them about that. This case highlights the importance of companies properly addressing data requests from individuals.

What happened

A person requested a copy of their personal data from UAB Medical Score, but the company did not respond.

Who was affected

The individual who requested their personal data from UAB Medical Score.

What the authority found

The authority ruled that UAB Medical Score violated GDPR by not informing the person that it did not process their personal data.

Why this matters

This ruling emphasizes that companies must respond to data requests, even if they don't have the requested information. It serves as a reminder for businesses to have clear processes for handling such requests.

GDPR Articles Cited

AI-verified

Art. 12(3) GDPR
Art. 15(1) GDPR
Art. 15(3) GDPR
View original scraped data
Art. 12(3) GDPR
Art. 15(1) GDPR
Art. 15(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 19 March 2026
articles corrected
Lithuania enforcementValstybine duomenu apsaugos inspekcija actionsAll UAB Medical Score actions
Full Legal Summary
Detailed

An unnamed data subject requested a copy of their data from the company UAB Medical Score (the controller). The controller did not reply. The data subject later filed a complaint. During the investigation, the controller clarified that the data subject did not purchase its products and that it did not respond to the request because it controlled did not process any personal data referring to the data subject. The DPA held that Article 15 GDPR required the controller to inform the data subjects that it did not process their personal data. For this reason, the DPA held that the controller violated Articles 12(3) and 15(1)(3) GDPR. The DPA issued a reprimand and ordered the controller to respond to similar requests in the future.

Outcome

Complaint Upheld

A data subject complaint that was upheld by the DPA.

Related Enforcement Actions (0)

No other enforcement actions found for UAB Medical Score in LT

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

3 June 2025

Authority

Valstybine duomenu apsaugos inspekcija

GDPRhub ID

gdprhub-9366

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. UAB Medical Score - Lithuania (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: