Bank – €500 Fine (Bulgaria, 2018)

€500Commission for Personal Data Protection4 December 2018Bulgaria
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A bank in Bulgaria was fined €500 for using a client's personal data to contact him about his neighbor's unpaid bills, which was unrelated to his own account. This misuse of data violated GDPR rules on data processing. Businesses should ensure they only use customer data for the purposes they have communicated.

What happened

The bank used a client's personal data to contact him about his neighbor's unpaid bills, unrelated to his own account.

Who was affected

The bank's client whose personal data was used without proper justification.

What the authority found

The authority found that the bank processed the client's data for a purpose not originally communicated, violating GDPR's requirements for lawful data processing.

Why this matters

This case highlights the importance of using personal data only for the purposes initially communicated to customers. It reminds businesses to review their data processing practices to ensure compliance with GDPR.

GDPR Articles Cited

Art. 6 GDPR
Art. 5(1)(b) GDPR
Bulgaria enforcementCommission for Personal Data Protection actionsAll Bank actions
Full Legal Summary
Detailed

A fine of 1000 BGN (or roughly 500 EUR) was imposed on a bank for calling a client for the unresolved bills of his neighbor. This provoked the client to evoke his right to be forgotten. After not receiving any answer from the bank he filed another motion, for which the bank did take action in the statutory period. Nonetheless, the client filed a complaint to KZLD. The infringement for which the bank was fined was for the processing of the client’s personal data was not linked to his consumer credit agreement. Since the purpose for which the data were processed was different from that communicated at the time of conclusion of the contract, the bank had, in the point of view of KZLD, to request additional consent from its client.

Related Enforcement Actions (0)

No other enforcement actions found for Bank in BG

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

4 December 2018

Authority

Commission for Personal Data Protection

Fine Amount

€500

Enforcement Tracker ID

ETid-6

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Bank - Bulgaria (2018). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: