Δ.Ε.Η. Α.Ε. (Public Power Corporation) – €28,000 Fine (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The data subject submitted a request to the controller ([https://www.dei.gr/en/ Δ.Ε.Η. Α.Ε.]) and asked for rectification and erasure of their personal data related to immovable assets that did not concern him. The confirmed the rectification and erasure of the personal data. However, from December 2020 to July 2021, the data subject continued to receive calls from law firms and collection agencies regarding outstanding bills for properties that were not his, neither owned nor rented by him. The data subject subsequently submitted another erasure request, asking for the removal of his tax number from the bills. Despite the controller's confirmation that the erasure request had been fulfilled, the data subject continued to receive harassing calls from collection agencies and law firms regarding unpaid bills. The data subject also received a payment notice from the municipality of Athens regarding the unpaid bills. The data subject lodged a complaint, stating that neither the law firms nor the municipality had notified the controller, nor the controller informed the relevant parties involved that these bills do not concern him. As per the data subject, this demonstrated a lack of appropriate technical and organisational measures on the part of the controller. The controller asserts that the issue arose from the complainant's failure to update the ownership information through the proper channels, resulting the erasure being applied only to the e-bill system. Consequently, data concerning the complainant continued to be processed by law firms and collection agencies acting on behalf of the controller to collect outstanding debts. The controller further explained that its disclosure of the complainant’s data to the municipality was done as per the Greek Law 3979/2011, in order to meet its legal obligations. The municipality which had not provided a timely response to the data subject’s request for information on the sources of data and other relevant information, stat
GDPR Articles Cited
Entities Involved
The data subject submitted a request to the controller ([https://www.dei.gr/en/ Δ.Ε.Η. Α.Ε.]) and asked for rectification and erasure of their personal data related to immovable assets that did not concern him. The confirmed the rectification and erasure of the personal data. However, from December 2020 to July 2021, the data subject continued to receive calls from law firms and collection agencies regarding outstanding bills for properties that were not his, neither owned nor rented by him. The data subject subsequently submitted another erasure request, asking for the removal of his tax number from the bills. Despite the controller's confirmation that the erasure request had been fulfilled, the data subject continued to receive harassing calls from collection agencies and law firms regarding unpaid bills. The data subject also received a payment notice from the municipality of Athens regarding the unpaid bills. The data subject lodged a complaint, stating that neither the law firms nor the municipality had notified the controller, nor the controller informed the relevant parties involved that these bills do not concern him. As per the data subject, this demonstrated a lack of appropriate technical and organisational measures on the part of the controller. The controller asserts that the issue arose from the complainant's failure to update the ownership information through the proper channels, resulting the erasure being applied only to the e-bill system. Consequently, data concerning the complainant continued to be processed by law firms and collection agencies acting on behalf of the controller to collect outstanding debts. The controller further explained that its disclosure of the complainant’s data to the municipality was done as per the Greek Law 3979/2011, in order to meet its legal obligations. The municipality which had not provided a timely response to the data subject’s request for information on the sources of data and other relevant information, stat
Related Enforcement Actions (0)
No other enforcement actions found for Δ.Ε.Η. Α.Ε. (Public Power Corporation) in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
3 September 2024
Authority
Hellenic Data Protection Authority
Fine Amount
€28,000
GDPRhub ID
gdprhub-8557About this data
Cite as: Cookie Fines. Δ.Ε.Η. Α.Ε. (Public Power Corporation) - Greece (2024). Retrieved from cookiefines.eu
Last updated: