The President of the Data Protection Office has imposed a fine for the non-performance of obligation to provide information under the GDPR. The fine was imposed on a company which gathered data of physical persons conducting business. The data was publicly available on the Internet (in the Central Registry and Information about Business Activities, National Court Register, Central Statistical Office, Central Register of Vehicles and Drivers, and in the Court and Commercial Gazette). The company has been creating databases allowing its users to verify the reliability of these entrepreneurs and it has not informed all of the entrepreneurs that their data were being processed, relying incorrectly, according to the President of the Data Protection Office, on the exception stipulated in Art. 14(5)(b) of the GDPR. The case pertains to approx. 6 million of records, whereas the obligation to provide information was fulfilled towards approx. 90,000 persons.
By: Mirosław Stefanik, firstname.lastname@example.org
Source: bankier.pl and rp.pl