Datatilsynet - JobTeam indstillet til bøde
| Datatilsynet - JobTeam indstillet til bøde | |
|---|---|
 | |
| Authority: | Datatilsynet (Denmark) |
| Jurisdiction: | Denmark |
| Relevant Law: | Article 15(1) GDPR |
| Type: | Complaint |
| Outcome: | Upheld |
| Started: | |
| Decided: | 15.05.2020 |
| Published: | 15.05.2020 |
| Fine: | 50000 DKK |
| Parties: | Job Team A/S |
| National Case Number/Name: | JobTeam indstillet til bøde |
| European Case Law Identifier: | n/a |
| Appeal: | n/a |
| Original Language(s): | Danish |
| Original Source: | DPA Webpage (in DA) |
| Initial Contributor: | n/a |
The Danish DPA (Datatilsynet) fined JobTeam A/S DKK 50,000 (approx. €6,700) for the deletion of personal data before the pending access request relating to the respective data was answered.
English Summary
Facts
Datatilsynet received a complaint stating that JobTeam A/S had deleted personal data covered by a registrar's request for access during the period after the request was made and before the company responded.
Dispute
Is the deletion of personal data that is subject to an access request before the response of the request lawful?
Holding
Datatilsynet hold that JobTeam unlawfully foreclosed the citizen's ability to verify whether he or she had the right to gain access to the information with Datatilsynet and a court.
Therefore, JobTeam A / S has been reported to the police and fined DKK 50,000.
Comment
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Danish original. Please refer to the Danish original for more details.
JobTeam set to fine The Data Inspectorate considers that in a case of the right of access, JobTeam has not complied with the basic requirements of the Data Protection Regulation (GDPR) that personal data must be processed legally, reasonably and transparently. JobTeam A / S has been reported to the police and fined DKK 50,000. The company had deleted personal data covered by a registrar's request for access during the period after the request was made and before the company responded. The Data Inspectorate became aware of the case on the basis of a complaint. Good data processing "When a data controller deletes information about the citizen in connection with a non-response request, the data controller unlawfully forecloses the citizen's ability to verify whether he or she has the right to gain access to the information from the Data Inspectorate and the courts. It is a violation of the citizen's fundamental rights and is not an expression of good data processing practices, ”says Astrid Mavrogenis, Head of the Data Protection Agency. Fine setting The Data Inspectorate has decided to report JobTeam A / S to the police and recommends that the company be fined. In the opinion of the Data Inspectorate, a violation of the basic principles of the regulation on the security of treatment for a company in a case such as this can basically not be sanctioned by a fine less than DKK 50,000 if the basic requirement of the regulation that fines must be effective and dissuasive. effect, at the same time must be observed. When setting the amount of the fine, the Authority also emphasized that the fine should be proportionate to the infringement. In most European countries, national data supervision may itself impose administrative fines. Denmark. Here it works in such a way that the Data Inspectorate, after elucidating and assessing the case, reports to the police officer the data controller. The police then investigate whether there is a basis for a charge, etc., and finally a possible fine will be decided by a court.
