Regulatory actions, fines, warnings, and enforcement decisions
€770 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 770 on Konstantin Ninov, a secretary of the central election commission. The controller forwarded personal data, including voter lists, to his private email address.
€1,020 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 1,020 on a telecommunications operator. The controller did not implement sufficient identification methodes, resulting in a customer profile being created for an individual who neither knew nor wanted a profile to be made.
€5,100 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 5,100 on a data controller. An employee of the controller had lodged a complaint with the DPA. The employee had received a ticket for a traffic offense in Germany that they apparently committed while driving one of the controller's vehicles. However, the data subject correctly stated that at the time of the traffic offense they had been on sick leave and someone else had been driving the vehicle. For this reason, the DPA found that the controller had u
€12,800 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 12,800 on a political party. In preparation for an upcoming election, the controller submitted a list of supporters to the Central Election Committee. This list included individuals who had not consented to being included.
€1,020 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 1,020 on a telecommunications operator. The controller did not implement sufficient technical and organisational measures to ensure data security, resulting in an application for a provider change being processed for an individual who did not apply for one.
€500,000 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 500,000 on Bulgarian Posts EAD. The controller had suffered a hacking attack, during which the attackers managed to access the controller's databases. During its investigation, the DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data in order to avoid a data breach.
€5,000 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 5,000 on a trucking company. The controller had disclosed personal data of a former employee to third parties without a valid legal basis.
€12,800 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has imposed a fine of EUR 12,800 on a political party. Several individuals had filed a complaint with the DPA because their personal data had been added to voter lists without their consent.
€380 fine - Bulgarian Commission for Personal Data Protection (KZLD)
The Bulgarian DPA has fined a bank EUR 380 for the unlawful transfer of personal data to third parties.
€27,100 fine - Bulgarian Commission for Personal Data Protection (KZLD)
Repeated registration of prepaid services without the knowledge and consent of the data subject Employees of the telecommunications provider have used personal data and registered the complainant with the company's prepaid service. The data subject had not signed the application and had not consented to the processing of his personal data for the stated purpose. There was also no other legal basis applicable. The signature of the application and the complainant own genuine application were not i
€500 fine - Bulgarian Commission for Personal Data Protection (KZLD)
An employee sent a request to his employer for access to personal data concerning him. The request was not answered in time and not in a complete way.
€500 fine - Bulgarian Commission for Personal Data Protection (KZLD)
A bank gained personal data concernign a student wihtout a legal basis.
€500 fine - Bulgarian Commission for Personal Data Protection (KZLD)
A fine of 1000 BGN (or roughly 500 EUR) was imposed on a bank for calling a client for the unresolved bills of his neighbor. This provoked the client to evoke his right to be forgotten. After not receiving any answer from the bank he filed another motion, for which the bank did take action in the statutory period. Nonetheless, the client filed a complaint to KZLD. The infringement for which the bank was fined was for the processing of the client’s personal data was not linked to his consumer cre