Hungary: NAIH fines a company HUF 10M for unlawful data processing under the GDPR

On May 17, 2024, the Hungarian National Authority for Data Protection and Freedom of Information (NAIH) issued decision No. NAIH/3977-4/2023, in which it fined a company HUF 10 million (approx. $28,213) for violating the General Data Protection Regulation (GDPR).

Background to the decision

The NAIH outlined that a company published, in an online article, personal data based on the applicant's testimony in a criminal proceeding, regarding the applicant's professional activity as a midwife and their role in the criminal proceeding. The applicant objected to the processing of personal data and requested its deletion. Unsatisfied with the fulfillment of the requests, the applicant proceeded to raise a complaint with the NAIH.

Findings of the NAIH

The NAIH found that the company disclosed the applicant's personal data without an appropriate legal basis, violating Article 6 of the GDPR. Furthermore, the NAIH found that, following a data subject request from the applicant, the company carried out an assessment of interests supporting its legitimate interests, disregarding the applicant's rights, and as a result, the company did not delete the illegally processed personal data, in violation of Articles 17(1), 17(3), and 21(1) of the GDPR.

The NAIH also stated that the company infringed Articles 14(2), 15(1), and 15(3) of the GDPR by not providing the applicant with information on the processing of personal data and the personal data managed by the company in relation to the applicant. Lastly, the NAIH found that the company did not prove the legal purpose of processing personal data as falling under public interest, thus violating Articles 5(1)(a) to (c) and 5(2) of the GDPR.

Outcomes

Following the conclusions above, the NAIH ordered the company:

  • to pay a fine of HUF 10 million (approx. $28,213);
  • to erase the personal data illegally processed; and
  • to restrict access to personal data until the expiry of the legal deadline for challenging the decision or, in the case of an administrative lawsuit, until the final decision of the court.

You can download the decision, only available in Hungarian, here.