Belgian DPA fines controller for sending a direct marketing message to the wrong person and for not responding adequately to the subsequent request for access

Jun 18, 2020

Source: European Data Protection Board

The Belgian DPA has imposed a fine of 10 000 EUR on a controller for sending a direct marketing message to the wrong person and for not responding adequately to the data subject’s subsequent request for access to his data. The marketing message was sent to the plaintiff, instead of to another person who had the same name, but another email address. This incorrect processing is due to a human error. As a result, the plaintiff exercised his right of access, which did not run smoothly. The Belgian DPA established that the controller did not sufficiently answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 GDPR). For these reasons, the Belgian DPA considers that the exercise of the rights of the plaintiff were not sufficiently facilitated, as required by article 12.2 of the GDPR.

To read the full decision in French, click here

For further information, please contact the Belgian DPA

The press release published here does not constitute official EDPB communication, nor an EDPB endorsement. This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes. As the press release is represented here as it appeared on the SA’s website or other channels of communication, the news item is only available in English or in the Member State’s official language with a short introduction in English. Any questions regarding this press release should be directed to the supervisory authority concerned.

Recent news

EDPB Launches Data Protection Guide for small business

The EDPB has launched a Data Protection Guide to help small business owners on their way to become more data protection compliant. The Guide aims to raise awareness about the GDPR and to provide practical information to SMEs about GDPR compliance in an accessible and...

read more

Europe Day 2023

Every year in early May we celebrate peace and unity in Europe through Europe Day, to commemorate the signing of the 'Schuman Declaration'. This year, on Saturday 6 May, the EU institutions invite you to a wide range of online and on-site activities across the EU...

read more
A look back at the Privacy Symposium 2023

A look back at the Privacy Symposium 2023

For the second time in a row, the EFDPO was one of the Key Partners of the Privacy Symposium in Venice – an international conference for data protection professionals and enthusiasts from around the world. Privacy Symposium aims to bring together data protection...

read more
Generated by Feedzy