National Revenue Agency – €28,100 Fine (Bulgaria, 2019)

€28,100Commission for Personal Data Protection3 September 2019Bulgaria
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Bulgaria's National Revenue Agency was fined for collecting and using a person's data without permission. They used this data to try to recover money from her, which included accessing her bank details unlawfully. This case highlights the importance of having a valid reason to collect and use personal data.

What happened

The National Revenue Agency collected and used a person's data without a valid reason to pursue a financial claim.

Who was affected

A person whose personal and bank data was accessed and used by the National Revenue Agency without proper authorization.

What the authority found

The Commission for Personal Data Protection found that the National Revenue Agency unlawfully processed personal data, violating GDPR's requirement for a valid legal basis.

Why this matters

This case underscores the need for government agencies to respect data protection laws and have a clear legal basis before using personal data. It serves as a warning to organizations about the consequences of mishandling personal information.

GDPR Articles Cited

Art. 6(1) GDPR
Art. 58(2)(e) GDPR
Bulgaria enforcementCommission for Personal Data Protection actionsAll National Revenue Agency actions
Full Legal Summary
Detailed

The pecuniary sanction of EUR 28, 121 was imposed on the National Revenue Agency for unlawful processing of the personal data of data subject G.B.I. The personal data of G.B.I. was unlawfully collected and subsequently used to form an enforcement case against her for recovery of the sum of EUR ca. 86, 569. In relation to the enforcement case formed, additional data concerning the bank accounts of G.B.I was collected by the National Revenue Agency from the register of the Bulgarian National Bank. The additional collected data was also unlawfully processed by the National Revenue Agency in sending distraint orders to the banks with which G.B.I. had bank accounts.

Related Enforcement Actions (1)

Other enforcement actions involving National Revenue Agency in BG

Fine
Aug 2019· Commission for Personal Data Protection

Leakage of personal data in a hacking attack due to inadequate technical and organisational measures to ensure the protection of information security....

€2.6M
Current
Sept 2019

Fine

€28K

Details

Fine Date

3 September 2019

Authority

Commission for Personal Data Protection

Fine Amount

€28,100

Enforcement Tracker ID

ETid-140

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. National Revenue Agency - Bulgaria (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: