HDPA (Greece) - 2/2020: Difference between revisions
(Created page with "{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;" ! colspan="2" |HDPA - 2/2020 |- | colspan="2" style="padding: 20px; background-color:#ffffff" |File:...") |
No edit summary |
||
| Line 41: | Line 41: | ||
|} | |} | ||
The HDPA imposed a EUR 5,000 fine on the biggest electric power company in Greece because it did not respond to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal data, it should notify the data subject of its inability to respond to the access request. | The HDPA imposed a EUR 5,000 fine on the biggest electric power company in Greece because it did not respond to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal data, it should notify the data subject of its inability to respond to the access request according to [[Article 12 GDPR#4|Article 12(4) GDPR]]. | ||
==English Summary== | ==English Summary== | ||
Revision as of 18:31, 18 March 2020
| HDPA - 2/2020 | |
|---|---|
 | |
| Authority: | HDPA (Greece) |
| Jurisdiction: | Greece |
| Relevant Law: | Article 12(4) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Decided: | 21. 2. 2020 |
| Published: | n/a |
| Fine: | EUR 5,000 |
| Parties: | Hellenic Public Power Corporation S.A. (ΔΕΗ Α.Ε.) |
| National Case Number: | 2/2020 |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language: |
Greek |
| Original Source: | HDPA (GR) |
The HDPA imposed a EUR 5,000 fine on the biggest electric power company in Greece because it did not respond to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal data, it should notify the data subject of its inability to respond to the access request according to Article 12(4) GDPR.
English Summary
Facts
The complainant exercised their right of access asking the DPO of the Hellenic Public Power Corporation SA to provide them copy of any correspondence from 2015 until the present, but they did not receive any response. The HDPA asked the company to clarify its position.
Holding
The HDPA stressed that the fulfillment of the right to information and access does not require the data subject to prove any legitimate interest; this interest is inherent in the right to access, so that transparency and legitimacy of processing can be assured. Similarly, there is no requirement for the data subject to invoke any particular reasons why they want to exercise their right to access.
The HDPA emphasised that, following the case law of the Greek Council of State, even in the case that the data controller does not keep any record of the data subject's personal data, it will still have the obligation to reply pursuant to Article 12(4) GDPR.
The HPDA found that after one month from the receipt of the data subject's complaint, the company as data controller did not notify the data subject of its inability to promptly respond to their request. Thus, the HDPA imposed a fine of EUR 5,000.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
This is an available machine translated decision. Please refer to the Greek original decision for details.
