The Belgian DPA has imposed a fine of 10 000 EUR on a controller for sending a direct marketing message to the wrong person and for not responding adequately to the data subject’s subsequent request for access to his data.
The marketing message was sent to the plaintiff, instead of to another person who had the same name, but another email address. This incorrect processing is due to a human error. As a result, the plaintiff exercised his right of access, which did not run smoothly.
The Belgian DPA established that the controller did not sufficiently answer to the request of the plaintiff (Article 15 GDPR), did not respond within the deadline set by the GDPR (Article 12.3 GDPR) and was not sufficiently transparent (Article 12.1 GDPR). For these reasons, the Belgian DPA considers that the exercise of the rights of the plaintiff were not sufficiently facilitated, as required by article 12.2 of the GDPR.
#dpa-be #GDPR #fine