T.S.M. Srl. – €40,000 Fine (Italy, 2022)
Italy's data protection authority fined T.S.M. Srl. €40,000 for not properly responding to a person's requests about their personal data. The company failed to give clear answers about data access and objection rights, which are important under GDPR rules. This case highlights the need for businesses to handle data requests seriously and transparently.
What happened
T.S.M. Srl. did not adequately respond to a person's requests to access and object to the processing of their personal data.
Who was affected
Individuals who requested information about their personal data processing from T.S.M. Srl.
What the authority found
The Italian data protection authority found T.S.M. Srl. violated GDPR by not providing required information about data processing and failing to acknowledge objections.
Why this matters
This decision emphasizes the importance of businesses responding fully to data access and objection requests. Companies should ensure they have processes in place to handle such requests to avoid penalties.
GDPR Articles Cited
National Law Articles
The data subject was contacted by cleaning tool company T.S.M. Srl. (the controller) to take part in a professional course, and received various forms to be filled in. The company was not able to answer the data subject properly regarding its involvement in the processing of the data required in the forms. The data subject decided to address the company with requests to exercise their rights to access, to object and to erasure of personal data. T.S.M. replied confirming the deletion of personal data, but did not provide a proper response regarding the right of access and the right to object. Based on the company's lack of response to these requests, the data subject filed a complaint with the Italian DPA (Garante). The Garante noted T.S.M.'s lack of participation in the proceedings, and neither asked to be heard, nor answered requests made in this sense by the Garante. The Garante held that this lack of cooperation was in breach of Articles 157 and 166 of the [https://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/9740796 Italian Code of Privacy]. Nevertheless, the Garante found that the documentation attached to the complaint was sufficient to prove the controller's responsibility in this case. According to the Garante, the mere deletion of the personal data pursuant to Article 17 GDPR did not exhaust the controller's duties regarding the data subject's requests. The Garante held that T.S.M. should have provided the data subject with information related to the origin of the personal data, the processing activities carried out, and any other recipients of the data, pursuant to Articles 13 and Article 15 GDPR. Additionally, the Garante highlighted that T.S.M. should have confirmed the receipt of the request to object to further processing, and granted the data subject's right under Article 21 GDPR. Based on these considerations, the Garante issued a fine of €40,000 on T.S.M. for the violation of Articles 13 and Article 15 and 21 GDPR, as
Related Enforcement Actions (0)
No other enforcement actions found for T.S.M. Srl. in IT
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
27 January 2022
Authority
Garante per la protezione dei dati personali
Fine Amount
€40,000
GDPRhub ID
gdprhub-4674About this data
Cite as: Cookie Fines. T.S.M. Srl. - Italy (2022). Retrieved from cookiefines.eu
Last updated: