Unknown Company – €1,430 Fine (Hungary, 2019)

€1,430Nemzeti Adatvédelmi és Információszabadság Hatóság11 December 2019Hungary
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A Hungarian company was fined EUR 1,430 for accessing a former employee's email without warning. The company restored the email account a year after the employee left, finding work documents but also private data. This case shows the importance of having clear policies on handling former employees' data.

What happened

A company accessed a former director's email account without notifying him, finding both work and private data.

Who was affected

The former director whose email account was accessed without his knowledge.

What the authority found

The Hungarian authority ruled the company violated GDPR by not informing the former employee about accessing his email and not allowing him to manage his private data.

Why this matters

This case highlights the need for companies to have clear policies on data access and privacy, especially concerning former employees. It underscores the importance of transparency and employee rights in data handling.

GDPR Articles Cited

Art. 5 GDPR
Art. 6 GDPR
Art. 13 GDPR
Art. 24 GDPR
Art. 25 GDPR
Hungary enforcementNemzeti Adatvédelmi és Információszabadság Hatóság actionsAll Unknown Company actions
Full Legal Summary
Detailed

The employer restored the mailbox of a director who had left the company a year before and found an email containing a work-related document. The director received no warning that his former inbox would be activated and did not have a chance to copy / delete his private data (passwords and financial information). According to NAIH, an employee or a representative should be present when the employee's data is being accessed, even if the employment has been terminated. Employees should be able to request a copy or the deletion of their private data. Employers must record the access with minutes and photos; when the employee cannot be present, then in the presence of independent witnesses. Employers must adopt internal policies on archiving and the use of IT assets and e-mail accounts, including procedural rules such as the steps of an inspection and the officials authorised to carry it out.

Related Enforcement Actions (2)

Other enforcement actions involving Unknown Company in HU

Fine
Oct 2019· Nemzeti Adatvédelmi és Információszabadság Hatóság

An employee was on sick leave when his employer checked his desktop, laptop and emails to ensure that his work-related duties were being covered in hi...

€3K
Current
Dec 2019

Fine

€1K

Fine
Mar 2020· Nemzeti Adatvédelmi és Információszabadság Hatóság

The data controller has not complied with its obligation regarding the right of access to video recordings and was also unable to demonstrate that his...

€6K

Details

Fine Date

11 December 2019

Authority

Nemzeti Adatvédelmi és Információszabadság Hatóság

Fine Amount

€1,430

Enforcement Tracker ID

ETid-157

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Unknown Company - Hungary (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: