HDPA - 2/2020
|HDPA - 2/2020|
|Relevant Law:||Article 12(4) GDPR|
|Decided:||21. 2. 2020|
|Parties:||Hellenic Public Power Corporation S.A. (ΔΕΗ Α.Ε.)|
|National Case Number:||2/2020|
|European Case Law Identifier:||n/a|
|Original Source:||HDPA (GR)|
The HDPA imposed a EUR 5,000 fine on the biggest electric power company in Greece because it did not respond to data subject's right to access. The HDPA highlighted that even when the data controller does not keep any record of the data subject's personal data, it should notify the data subject of its inability to respond to the access request.
The complainant exercised their right of access asking the DPO of the Hellenic Public Power Corporation SA to provide them copy of any correspondence from 2015 until the present, but they did not receive any response. The HDPA asked the company to clarify its position.
The HDPA stressed that the fulfillment of the right to information and access does not require the data subject to prove any legitimate interest; this interest is inherent in the right to access, so that transparency and legitimacy of processing can be assured. Similarly, there is no requirement for the data subject to invoke any particular reasons why they want to exercise their right to access.
The HDPA emphasised that, following the case law of the Greek Council of State, even in the case that the data controller does not keep any record of the data subject's personal data, it will still have the obligation to reply pursuant to Article 12(4) GDPR.
The HPDA found that after one month from the receipt of the data subject's complaint, the company as data controller did not notify the data subject of its inability to promptly respond to their request. Thus, the HDPA imposed a fine of EUR 5,000.
Share your comments here!
Share blogs or news articles here!
English Machine Translation of the Decision
This is an available machine translated decision. Please refer to the Greek original decision for details.