Enforcement

€3,140 fine - Czech Data Protection Auhtority (UOOU)

The bank established a personal bank account for a data subject without his consent or knowledge. The bank supposedly had his personal data available because the subject had disposed of his employer’s company account. The bank was not able to provide The Office for Personal Data Protection with the necessary documentation to prove entering into contract with the data subject.

Boete van €3.140 - Tsjechische Autoriteit voor Gegevensbescherming (UOOU).

De bank heeft een persoonlijke bankrekening geopend voor een betrokkene zonder zijn toestemming of kennis. De bank beweerde zijn persoonlijke gegevens te hebben omdat de betrokkene een bedrijfsrekening van zijn werkgever had gesloten. De bank kon het Bureau voor Persoonsgegevens niet de benodigde documenten verstrekken om aan te tonen dat er een overeenkomst was gesloten met de betrokkene.

€980 fine - Czech Data Protection Auhtority (UOOU)

The operator of an online game was exposed to several DDoS attacks which caused the malfunctioning of the servers. The attacker blackmailed the operator stating that the attacks will not stop unless he pays money. As part of the blackmail, the attacker offered the operator that he will create an upgraded and better firewall protection to the servers of the operator. The operator agreed and paid the attacker. The operator implemented the new code from the attacker which proved better than the old

Een boete van 588 euro - opgelegd door de Tsjechische Autoriteit voor Gegevensbescherming (UOOU).

Het bedrijf heeft een kopie van een identiteitsbewijs met een foto van de betrokkene verkregen, met zijn toestemming. Echter, het bedrijf heeft niet gereageerd op zijn intrekking van die toestemming en is doorgegaan met de verwerking van zijn persoonlijke gegevens.

€588 fine - Czech Data Protection Auhtority (UOOU)

The company obtained a copy of photographic ID of the personal data subject with his consent, however did not react to his consent withdrawal and continued in processing of his personal data.

Boete van €980 - Tsjechische Autoriteit voor Gegevensbescherming (UOOU).

De beheerder van een online spel is het slachtoffer geworden van meerdere DDoS-aanvallen, wat resulteerde in storingen van de servers. De aanvaller chanteerde de beheerder en dreigde dat de aanvallen niet zouden stoppen tenzij er geld werd betaald. Als onderdeel van de chantage bood de aanvaller aan om een verbeterde en betere firewallbescherming voor de servers van de beheerder te implementeren. De beheerder stemde ermee in en betaalde de aanvaller. De beheerder implementeerde de nieuwe code van de aanvaller, wat bleek beter te zijn dan de oude.

€13,900,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has fined Avast Software s.r.o. EUR 13.9 million. The company had disclosed the personal data of around 100 million users of its antivirus software to the US company Jumpshot. Avast had transferred this data, including the users' pseudonymized Internet browsing history in connection with a unique ID, to Jumpshot, but falsely declared it to be anonymized. Users were incorrectly informed about the transfer of anonymized data, although partial identification of the data subjects was p

€1,040 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,040 on a self employed person. The accused's website did not comply with GDPR requirements for cookies, as it processed data before obtaining consent, set cookies with an excessive expiration period, and may have transferred data outside the EU and EEA. The inspection was initiated by a Polish citizen. Despite a warning from the Office for personal data protection, the accused failed to address these issues.

€1,600 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,600 on a legal person. The accused did not comply with the data subject's request to delete their data from its database and sent them another commercial communication via SMS.

Czech Data Protection Auhtority (UOOU)

In the period from January 2023 to July 2023, the Czech DPA imposed fines totaling EUR 178,000, with the highest fine being EUR 36,000. These fines were imposed due to unlawful processing of personal data in relation to cookies. The types of violations vary. Given examples are: Insufficient legal basis, insufficient compliance with information obligations or design issues. The DPA emphasizes that it will not publish individual fines due to the non-public nature of administrative proceedings.

€3,570 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 3,570 on a legal person. Following the complaint, the Office for personal data protection carried out an inspection of the accused's website. It found that its cookies also processed data for third parties and were transferred abroad (USA).

€1,560 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,560 on a legal person. The accused missed the deadline for the required information on action taken to the data subject when it did not respond to their request for the deletion of the CCTV footage taken during the visit to the brick-and-mortar branch of the accused. The data subject visited the brick-and-mortar branch to deliver documents related to the termination of their employment with the accused.

€3,810 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 3,810 on a legal person. The accused unlawfully processed the personal data of an unspecified number of creditors to purchase their claims against a debtor company, without a legal basis. She also failed to inform the data subjects about this processing, having obtained their data from another company rather than directly from them.

€600 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 600 on a legal person. The order was issued based on the carried out inspection. The accused did not provide information on its website about the legal basis for the processing of personal data in a comprehensible manner because it did not clearly attribute a specific legal basis to a particular processing of personal data.

€400 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 400 on a legal person. The accused did not provide access to information about the purpose of the processing, the storage period, the sources of the personal data, the possible recipients to whom the personal data have been or will be transferred, the right to request the controller to rectify or erase the personal data or to restrict or object to the processing and the right to lodge a complaint with a supervisory authority.

€3,400 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA imposed a fine of EUR 3,400 on a company. The data subject had concluded an energy supply contract with the controller in the past, but then duly terminated it. Nevertheless, the controller assigned the previously terminated contract to a processor (sales representative) in order to contact the data subject to conclude a new contract. The DPA found that the controller had unlawfully transferred the data subject's data to the sales agent, as in the absence of an existing contract it

€800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 800 on a legal person. The accused did not respond to the complainant's repeated requests for copies of the telephone recordings.

€1,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,000 on a legal person. For at least two months, the accused incorrectly included 50 entities in the published list of processors, even though they were not actually processors.

€2,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 2,000 on an unknown controller. The accused did not respond to the subject's request to disclose what information the accused was processing about him and how the accused obtained the address for his data box, which is tied to an individual. Nor did she respond to a notice from the Authority.

€2,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 2,000 on a legal person. The accused did not respond to the subject's request to disclose what information the accused was processing about him and how the accused obtained the address for his data box, which is tied to an individual. Nor did she respond to a notice from the Authority.

€2,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 2,000 on a legal person. The accused did not respond to the complainant's repeated requests to provide access to personal data and to provide information on how she had obtained the contact details of his data box.

€2,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUr 2,000 on a legal person. The accused did not respond to the subject's request to disclose what information the accused was processing about them and how the accused obtained their data box address, which is tied to an individual. Nor did it respond to a notice from the Office for personal data protection.

€800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 800 on a legal person. The accused did not respond to its former employee's request to delete their former work email and even told the Office for personal data protection that the response was not necessary.

€200 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 200 on a self employed person. The accused obtained scans of identity cards from foreign subjects who booked accommodation there and kept them for an indefinite period of time. The accused was then unable to provide evidence of consent to such processing to the personal data.

€1,200 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,200 on a legal person. The accused was sending commercial communications to the complainant, despite their objection to the processing of personal data and the notification from the authority.

€400 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 400 on a legal person. The accused was sending commercial communications to the complainant, despite their objection to the processing of personal data and the notification from the authority.

€80 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 80 on a legal person. The accused was sending commercial communications to the complainant, despite their objection to the processing of personal data and the notification from the authority.

€26,710 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 11,430 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€11,430 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 11,430 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€1,200 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,200 on a legal person. The accused sent unsolicited commercial communications to the complainant and failed to respond to their repeated requests for information on data processing.

€118,500 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA (UOOU) fined 11 companies a total of EUR 118,500 for sending unrequested postal advertising messages to the mailboxes of various citizens. Based on a decision by the government of the Czech Republic at the end of October, there was introduced the possibility to send postal data messages at no charge until the end of the Covid-19 pandemic. The fined companies misused this possibility. The DPA finds that the companies had no legal ground for sending offers for goods and services, con

€11,430 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€8,800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,800 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€200 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 200 on a legal person. The accused sent the data subject, despite his objection and therefore his disagreement with further processing of personal data, a request for a financial contribution (marketing communication).

€11,830 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€8,340 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€8,100 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,100 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€26,710 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 11,430 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€9,420 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€12,910 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€8,800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,800 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€11,430 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 11,430 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€10,070 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 8,340 on a legal person. During the state of emergency (COVID-19 pandemic), the accused sent unsolicited marketing communications for a period of at least one month to data mailbox holders, which is an aggravating factor.

€800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 800 on a legal person. The complainant had worked with the accused over the years as an employee, collaborator, author, licensor, and customer. When she requested access to her personal data, the accused provided only limited information. Despite a follow-up request and a notice from the Office for personal data protection, the missing information was not provided.

€1,200 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 1,200 on a legal person. The accused sent the subject a commercial offer via SMS after assuring the data subject that their data was deleted from its database.

€2,000 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of Eur 2,000 on a legal person. The accused failed to comply with the request to erase the auction notice with the personal data and failed to respond to the notice from the Office for personal data protection.

€4,800 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 4,800 on a legal person. In the course of the business activities, the accused contacted business entities, owners of industrial rights, with a form offering to register them in private registers containing data on entrepreneurs and companies.

€12,030 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 12,030 on a legal person. The accused did not comply with the complainant's request to erase their data. The company implemented an expensive and complicated procedure for data deletion, but it ultimately did not achieve the desired result. The association was supposed to provide businessmen with information about the creditworthiness of their potential clients.

€20,050 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 20,050 on a legal person. The accused processes hundreds of thousands of personal data on the website about self-employed persons without legal basis, at least in the scope of name, surname and ID number, when these personal data are translated from the commercial, trade and other public registers. Moreover, the accused did not respond to requests for access to personal data.

€400 fine - Czech Data Protection Auhtority (UOOU)

The Czech DPA has imposed a fine of EUR 400 on a legal person. Proceedings were initiated following an inspection carried out in response to a complaint. The accused processed and archived personal data for the purpose of offering services via a call centre. However, the data was processed without a valid legal basis. While the data subjects had purportedly given consent verbally over the phone, no evidence of this was available. Additionally, the accused used cookies in breach of the GDPR and e