Magyar Kétfarkú Kutya Párt, MKKP – €7,500 Fine (Hungary, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Hungarian political party was fined EUR 7,500 for failing to secure personal data stored in Google Docs, which was leaked online. The party didn't properly inform affected people about the breach. This case shows the importance of strong data security measures and timely breach notifications.
What happened
A political party stored personal data in Google Docs, which was leaked and made publicly available.
Who was affected
Supporters and mailing list recipients of the political party whose data was leaked.
What the authority found
The Hungarian DPA found that the party failed to ensure adequate data security and did not properly notify affected individuals about the breach.
Why this matters
This case emphasizes the need for organizations to implement robust data security measures and promptly inform individuals when their data is compromised. It highlights the risks of using inadequate security for sensitive information.
GDPR Articles Cited
A political party used Google docs to store data of sympathisers and addressees of mailings in Excel files. The files were leaked and made publicly available, the link of the files also being published in an article on a political portal. Given that a large number of data subjects and special categories of data were concerned, the DPA (NAIH) conducted an inspection and found that the security of the processing was not sufficiently ensured by the controller. The controller also did not respond to the demand of the authority to indicate the measures taken to secure the data and to notify the data subjects. 1) A) The Controller has not respected Article 32, paragraph (1), point (a) and(b) and paragraph (2) of that article of Regulation (EU) 2016/679, the protection of natural persons in respect of processing of personal data and the) free movement of such data, and repealing Directive 95/46/EC (hereinafter: General Data Protection Regulation) in not applying data security proportionate to the risks of storing data of party sympathisers and activists. B) The Controller has infringed Article 5(2) of the General Data Protection Regulation, as despite repeated requests from the Authority, it has not fully demonstrated how it has taken measures to reduce the risks of the personal data breach. 2) Instructs the Controller to demonstrate to the Authority in accordance with Article 5(2) of the General Data Protection Regulation (GDPR), when and in what form and with what content it informed the data subjects of the personal data breach, in accordance with Article 34 GDPR. B) inform the Authority of how it adapted the data processing affected by the incident to apply data security measures proportionate to the risk. 3) Due to the above infringement, the Client shall be obliged within 30 days from the date of the finalisation of the present decision to pay a fine of 3 000 000 HUF, i.e. three million forints 4) Orders the final decision to be published including the Customer’
Related Enforcement Actions (0)
No other enforcement actions found for Magyar Kétfarkú Kutya Párt, MKKP in HU
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
22 April 2021
Authority
Nemzeti Adatvédelmi és Információszabadság Hatóság
Fine Amount
€7,500
3,000,000 HUF
GDPRhub ID
gdprhub-5475About this data
Cite as: Cookie Fines. Magyar Kétfarkú Kutya Párt, MKKP - Hungary (2021). Retrieved from cookiefines.eu
Last updated: