Details:
| Summary | The Hellenic DPA has imposed a fine of EUR 20,000 on the National Bank of Greece. A data subject had filed a complaint against a company and the bank after they failed to comply with his right to information. After returning a product he had purchased from a company, the data subject had asked the company via Facebook Messenger to inform him about the request to cancel his credit card statements sent electronically to the bank. However, the controller refused to comply, whereupon the data subject asserted the same right with the bank, which, however, did not provide him with a response. |
| Link: | link |
| Related articles: | Art. 12 (1), (2), (3) GDPR, Art. 15 (1) GDPR |
| Type: | Insufficient fulfilment of data subjects rights |
| Fine: | EUR 20,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/