Datatilsynet - JobTeam indstillet til bøde

From GDPRhub
Datatilsynet - JobTeam indstillet til bøde
LogoDK.png
Authority: Datatilsynet (Denmark)
Jurisdiction: Denmark
Relevant Law: Article 15(1) GDPR
Type: Complaint
Outcome: Upheld
Decided: 15.05.2020
Published: 15.05.2020
Fine: 50000 DKK
Parties: Job Team A/S
National Case Number/Name: JobTeam indstillet til bøde
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Danish
Original Source: DPA Webpage (in DA)
Initial Contributor: n/a

The Danish DPA (Datatilsynet) fined JobTeam A/S DKK 50,000 (approx. €6,700) for the deletion of personal data before the pending access request relating to the respective data was answered.

English Summary

Facts

Datatilsynet received a complaint stating that JobTeam A/S had deleted personal data covered by a registrar's request for access during the period after the request was made and before the company responded.

Dispute

Is the deletion of personal data that is subject to an access request before the response of the request lawful?

Holding

Datatilsynet hold that JobTeam unlawfully foreclosed the citizen's ability to verify whether he or she had the right to gain access to the information with Datatilsynet and a court.

Therefore, JobTeam A / S has been reported to the police and fined DKK 50,000.

Comment

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Danish original. Please refer to the Danish original for more details.

 JobTeam set to fine

The Data Inspectorate considers that in a case of the right of access, JobTeam has not complied with the basic requirements of the Data Protection Regulation (GDPR) that personal data must be processed legally, reasonably and transparently.
JobTeam A / S has been reported to the police and fined DKK 50,000. The company had deleted personal data covered by a registrar's request for access during the period after the request was made and before the company responded. The Data Inspectorate became aware of the case on the basis of a complaint.

Good data processing

"When a data controller deletes information about the citizen in connection with a non-response request, the data controller unlawfully forecloses the citizen's ability to verify whether he or she has the right to gain access to the information from the Data Inspectorate and the courts. It is a violation of the citizen's fundamental rights and is not an expression of good data processing practices, ”says Astrid Mavrogenis, Head of the Data Protection Agency.
Fine setting

The Data Inspectorate has decided to report JobTeam A / S to the police and recommends that the company be fined.

In the opinion of the Data Inspectorate, a violation of the basic principles of the regulation on the security of treatment for a company in a case such as this can basically not be sanctioned by a fine less than DKK 50,000 if the basic requirement of the regulation that fines must be effective and dissuasive. effect, at the same time must be observed. When setting the amount of the fine, the Authority also emphasized that the fine should be proportionate to the infringement.

In most European countries, national data supervision may itself impose administrative fines. Denmark.

Here it works in such a way that the Data Inspectorate, after elucidating and assessing the case, reports to the police officer the data controller. The police then investigate whether there is a basis for a charge, etc., and finally a possible fine will be decided by a court.