Enforcement

Regulatory actions, fines, warnings, and enforcement decisions

Filtering by source: Hellenic Data Protection Authority (HDPA) (50 items)

Headquarters of a Fire Brigade: Insufficient legal basis for data processing

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 10,000 on a Fire Brigade headquarters. The controller had stored health data of an employee in connection with her sick leave. The controller stored every detail of the medical condition, treatment and other related data. The amount of data processed was not necessary for the purpose, and the processing therefore had no legal basis.

SIGMA & KAPPA IMPORTING SOCIÉTÉ ANONYME: Insufficient technical and organisational measures to ensure information security

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 10,000 on SIGMA & KAPPA IMPORTING SOCIÉTÉ ANONYME. The fined entity is the processor of Thessaloniki–Thessaly Gas Supply Company S.A. (ETid-3016). The processor, a call center involved in direct marketing activities, had not implemented sufficient technical and organisational measures to prevent operators from calling data subjects who had not given their consent for direct marketing calls.

ONE WAY PRIVATE COMPANY: Non-compliance with general data processing principles

€80,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 80,000 on ONE WAY PRIVATE COMPANY. The fined entity is the processor of Thessaloniki–Thessaly Gas Supply Company S.A. (ETid-3016). The processor, a call center involved in direct marketing activities, had implemented a system to check whether consent had been given to contact a specific person. However, this system could be bypassed or ignored by the operator, resulting in data subjects being contacted without their consent. Furthermore, the controller had

REVMA PLUS Retail S.A.: Insufficient technical and organisational measures to ensure information security

€5,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 5,000 on REVMA PLUS Retail S.A. The fined entity is the processor of Thessaloniki–Thessaly Gas Supply Company S.A. (ETid-3016). The processor, a call center involved in direct marketing activities, suffered a technical error in its system that prevented operators from calling data subjects that had not given their consent for direct marketing calls. The processor also failed to inform the controller of the technical error.

Thessaloniki–Thessaly Gas Supply Company S.A.: Insufficient data processing agreement

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 10,000 on Thessaloniki–Thessaly Gas Supply Company S.A. The controller, an energy provider, used external processors for direct marketing via telephone. The controller forwarded complaints by data subjects to the external processors, but failed to ensure that the processors' response was adequate, generally failing to adequately control the processors.

Company: Insufficient compliance with the rights of data subjects (concerning their personal data).

Fine of €1,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 1,000 on a company. The company did not respond adequately to a data subject's request to exercise their rights with regard to their personal data.

Company: Insufficient fulfilment of data subjects' rights

€1,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 1,000 on a company. The controller failed to react adequately to a data subject's request to exercise their rights.

Municipality of Moschato–Tavros: Insufficient legal basis for data processing

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 10,000 on the Municipality of Moschato–Tavros. The controller installed a video surveillance system in a depot to protect municipal vehicles. However, the controller failed to ensure, during the design phase, that the cameras only processed the necessary data. They also failed to adequately inform their employees and record the processing activities.

Municipality of Moschato–Tavros: Insufficient legal basis for data processing.

Fine of €10,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority (DPA) has imposed a fine of EUR 10,000 on the Municipality of Moschato–Tavros. The controller installed a video surveillance system in a depot to protect municipal vehicles. However, the controller failed to ensure during the design phase that the cameras processed only the necessary data. In addition, it did not sufficiently inform its employees and did not adequately record the processing activities.

Hestia Publishers & Booksellers, I. D. Kollaros & Co. S.A.: Insufficient technical and organisational measures to ensure information security.

Fine of €9,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 9,000 on Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. The controller revealed the identity of an anonymous author by stating their full name alongside other personal data and the pseudonym under which their work was published.

Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A.: Insufficient technical and organisational measures to ensure information security

€9,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 9,000 on Hestia Publishers & Booksellers I. D. Kollaros & Co. S.A. The controller disclosed the identity of an anonymous author by including their legal name alongside other personal data and the pseudonym under which their work was published.

PAVLOS BIKOS SOLE PROPRIETORSHIP DENTAL PRIVATE CAPITAL COMPANY: Insufficient cooperation with supervisory authority

€2,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 2,000 on PAVLOS BIKOS SOLE PROPRIETORSHIP DENTAL PRIVATE CAPITAL COMPANY. The fined party was a data processor in case ETid: 2880. During the investigation into this case, the data processor did not cooperate adequately with the supervisory authority.

NN Greek Single-Member Anonymous Life Insurance Company: Insufficient fulfilment of data subjects' rights

€20,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 20,000 on NN Greek Single-Member Anonymous Life Insurance Company. The controller failed to provide the data subject with the personal data they had requested, thereby infringing the data subject's right of access.

PAVLOS BIKOS SOLE PROPRIETORSHIP DENTAL PRIVATE CAPITAL COMPANY: Insufficient cooperation with the supervisory authority.

A fine of EUR 2,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 2,000 on the company PAVLOS BIKOS SOLE PROPRIETORSHIP DENTAL PRIVATE CAPITAL COMPANY. The company was a data processor in case number ETid: 2880. During the investigation into this case, the data processor did not cooperate sufficiently with the supervisory authority.

NN Greek Single-Member Anonymous Life Insurance Company: Insufficient compliance with the rights of data subjects.

Fine of EUR 20,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 20,000 on the Greek life insurance company NN Greek Single-Member Anonymous. The controller did not provide the data subject with the requested personal data, thereby infringing the data subject's right of access.

Zougla TZI-AP Anonymous Mass Media Company: Insufficient legal basis for data processing

€3,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 3,000 on Zougla TZI-AP Anonymous Media Company. The controller, who operates a news website, published an article revealing the personal data of an individual without a sufficient legal basis. The controller also failed to cooperate adequately with the DPA.

Zougla TZI-AP, an anonymous mass media company: Insufficient legal basis for the processing of personal data.

Fine of €3,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority (DPA) has imposed a fine of EUR 3,000 on the company Zougla TZI-AP Anonymous Media Company. The company, which operates a news site, published an article revealing personal data of an individual without a sufficient legal basis. In addition, the company did not cooperate sufficiently with the DPA.

Vodafone – PANAFON A.E.E.T.: Insufficient technical and organisational measures to ensure information security.

A fine of EUR 550,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 550,000 on Vodafone – PANAFON A.E.E.T. The controller did not take sufficient technical and organisational measures to ensure data security, as a result of which a telecommunications shop was able to wrongfully assign multiple SIM cards to the same person. The controller also did not use a data processor that could guarantee the implementation of sufficient technical and organisational measures, and did not govern the processing with an adequate data processing process.

KARAMBELAS KONSTANTINOS & CO. E.E.: Insufficient technical and organisational measures to ensure information security.

Fine of EUR 40,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 40,000 on KARAMBELAS KONSTANTINOS & CO. E.E. This organisation, which processed data for a telecom provider (ETid: 2878), did not take sufficient technical and organisational measures to ensure data security. As a result, multiple SIM cards were registered in the name of a third person.

KARAMBELAS KONSTANTINOS & CO. E.E.: Insufficient technical and organisational measures to ensure information security

€40,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 40,000 on KARAMBELAS KONSTANTINOS & CO. E.E. The processor, which was processing data for a telecommunications provider (ETid: 2878), failed to implement sufficient technical and organisational measures to ensure data security. This resulted in multiple SIM cards being registered in a third person's name.

Vodafone – PANAFON A.E.E.T.: Insufficient technical and organisational measures to ensure information security

€550,000 fine - Hellenic Data Protection Authority (HDPA)

The Greek DPA has imposed a fine of EUR 550,000 on Vodafone – PANAFON A.E.E.T. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in a telecommunications shop being able to wrongfully assign multiple SIM cards to an individual. The controller also failed to use a processor that could guarantee the implementation of sufficient technical and organisational measures, and failed to govern the processing with an adequate data process

General Hospital of the University of Larissa: Insufficient compliance with the rights of data subjects.

A fine of €7,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority (DPA) has imposed a fine of EUR 7,000 on the University Hospital of Larissa. The controller failed to adequately safeguard the rights of data subjects. In addition, the controller did not demonstrate that the data processing took place in accordance with the general principles.

General Hospital of the University of Larissa: Insufficient fulfilment of data subjects' rights

€7,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 7,000 on the General Hospital of the University of Larissa. The controller failed to adequately fulfil the rights of data subjects. It also failed to demonstrate that it processed data in accordance with the general principles.

Shield of David - K.I.D.A.F.: Non-compliance with general data processing principles

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 10,000 on Shield of David - K.I.D.A.F. The controller, a day care centre for people with autism, has legally installed video surveillance on its premises. However, the controller failed to adequately respond to a data subject's request to exercise their rights. Furthermore, the controller forwarded data to third entities without notifying the data subject. Lastly, the controller failed to cooperate adequately with the DPA.

Shield of David - K.I.D.A.F.: Non-compliance with general data processing principles.

Fine of €10,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority (DPA) has imposed a fine of EUR 10,000 on Shield of David - K.I.D.A.F. The controller, a children's day-care centre for people with autism, has lawfully installed video surveillance in its buildings. However, the controller did not respond adequately to a data subject's request to exercise their rights. In addition, the controller passed data on to third parties without informing the data subject. Finally, the controller did not cooperate sufficiently with the data protection authority.

Piraeus Bank S.A.: Insufficient legal basis for data processing.

A fine of EUR 50,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority (Hellenic DPA) has imposed a fine of EUR 50,000 on Piraeus Bank S.A. The controller processed personal data although the data subject had objected to this.

Piraeus Bank S.A.: Insufficient legal basis for data processing

€50,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 50,000 on Piraeus Bank S.A. The controller has processed personal data even though the data subject rightfully opposed the data processing.

Gynaecologist: Insufficient fulfilment of information obligations

€5,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 5,000 on a gynaecologist. The controller failed to completely fulfil an information request by a patient.

Gynaecologist: Insufficient fulfilment of the information obligation.

A fine of €5,000 - Hellenic Data Protection Authority (HDPA).

The Greek data protection authority has imposed a fine of EUR 5,000 on a gynaecologist. The doctor did not fully comply with an information request from a patient.

Attorney: Insufficient fulfilment of data subjects' rights

€1,400 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 1,400 on an attorney. An individual had filed a complaint with the DPA because the controller did not adequately respond to their request for access to their personal data in a case file. Furthermore, the DPA found that the controller had not sufficiently cooperated with the DPA.

METRO SA: Insufficient technical and organisational measures to ensure information security

€50,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 50,000 on METRO SA. A former employee had sent text messages to the private mobile phone of a customer who had a user account in the company's online store and had placed orders that had been delivered to them by the employee a few days earlier. The customer then reported the incident to the controller and requested access to and deletion of their personal data. However, the controller did not respond to the incident, arguing that the order was in their

Ministry of Interior (Greece): Insufficient technical and organisational measures to ensure information security

€400,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA imposed a fine of EUR 400,000 on the Ministry of Interior for leaking email addresses from the voter registry of Greek expatriates. These personal data, which were intended for electoral purposes, were subsequently misused by a Member of the European Parliament (MEP) to send unsolicited political communications.

Member of the European Parliament: Insufficient legal basis for data processing

€40,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 40,000 on a Member of the European Parliament. The fine was imposed due to their misuse of email addresses, leaked from the voter registry of Greek expatriates by the Ministry of the Interior, to send unsolicited political communications.

Greek Ministry of Immigration and Asylum: Insufficient technical and organisational measures to ensure information security

€175,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 175,000 on the Greek Ministry of Immigration and Asylum. The DPA found that the controller had failed to properly carry out a required data protection impact assessment and had not cooperated properly with the DPA.

Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ): Insufficient technical and organisational measures to ensure information security

€2,995,140 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 2,995,140 on the Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ). The controller had suffered a data breach which resulted in personal data being accessed and later published on the Dark Web. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such an incident.

Municipality of Athens: Insufficient cooperation with supervisory authority

€5,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 5,000 on the municipality of Athens for failing to sufficiently cooperate with the DPA.

Ministry of Rural Development and Food: Insufficient involvement of data protection officer

€25,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 25,000 on the Ministry of Rural Development and Food for failing to appoint a data protection officer and not sufficiently cooperating with the DPA.

Alpha Bank: Insufficient fulfilment of data subjects' rights

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 10,000 on Alpha Bank. A data subject had filed a complaint with the DPA due to the controller's failure to respond to a request of access to their personal data in a timely manner.

Piraeus Leasing S.M.S.A.: Non-compliance with general data processing principles

€20,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 20,000 on Piraeus Leasing S.M.S.A. An individual had filed a complaint with the DPA because the controller processed an image on which the license plate of the individual's car was visible. The DPA also found that the controller had not complied with the request for access to their personal data.

Municipality: Insufficient legal basis for data processing

€5,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 5,000 on a municipality. The municipality had published a person's personal data on the municipality's website and failed to comply with the data subject's request for deletion.

GREECE DPA: Non-compliance with general data processing principles

€1,000 fine - Hellenic Data Protection Authority (HDPA)

Unlawful disclosure of health data.

Athens Urban Transport Organization: Non-compliance with general data processing principles

€50,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA imposed a fine of EUR 50,000 on the Athens Urban Transport Organization. As part of its investigation, the DPA found that the controller had failed to comply with the principle of data protection by design and by default. It also failed to carry out a data protection impact assessment and to set appropriate retention periods for the storage of personal data.

Piraeus Bank: Non-compliance with general data processing principles

€210,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 210,000 on Piraeus Bank. During its investigation, the DPA found that the bank had processed personal data of customers in violation of the principle of lawfulness. In addition, the DPA found that the bank had processed personal data without taking appropriate and effective technical and organizational measures to process only the data necessary for the specific purpose. Finally, the DPA found that the bank had failed to properly comply with a data subj

NOVA TELECOMMUNICATIONS & MEDIA ΜΟΝΟΠΡΟΣΩΠΗ Α.Ε.: Insufficient fulfilment of data subjects' rights

€150,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 150,000 on NOVA TELECOMMUNICATIONS & MEDIA ΜΟΝΟΠΡΟΣΩΠΗ Α.Ε. A customer had filed a complaint with the DPA. During its investigation, the DPA found that the controller had sent promotional emails several times despite the objection of the data subject. In addition, the controller failed to comply with the data subject's right to access.

Vodafone: Insufficient fulfilment of data breach notification obligations

€40,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 40,000 on Vodafone. An individual had filed a complaint with the DPA because, following a request for access to records of conversations with a Vodafone call center, Vodafone had provided them with another customer's conversations. Vodafone in addition failed to report this incident to the DPA in a timely manner.

Vodafone: Non-compliance with general data processing principles

€10,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 10,000 on Vodafone. An individual had filed a complaint with the DPA because they had received a package containing promotional gifts from a company working with Vodafone, even though they had expressly objected to the use of their data for promotional purposes. During its investigation, the DPA found that the controller processed the data without a valid legal basis and thus acted unlawfully. The DPA also found that the controller could not prove that

Piraeus Bank: Non-compliance with general data processing principles

€30,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 30,000 on Piraeus Bank. A customer had filed a complaint with the DPA because the bank had disclosed transaction and account balance information from two bank accounts of which they were joint owners to the heirs of the other owner in the course of legal proceedings. The DPA determined that the disclosure of the joint account information was unlawful. In addition, the bank failed to report the incident to the DPA and the data subject in a timely manner

Intellexa SA: Insufficient cooperation with supervisory authority

€50,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has fined Intellexa SA EUR 50,000. The controller had not properly cooperated with the DPA during an investigation.

ΜΑΡΙΑ ΠΕΔΙΩΤΗ ΚΑΙ ΣΙΑ Ο.Ε.: Insufficient fulfilment of data subjects' rights

€7,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 7,000 on the company ΜΑΡΙΑ ΠΕΔΙΩΤΗ ΚΑΙ ΣΙΑ Ο.Ε. The company had not sufficiently complied with the request for information from a person, as the information was late and incomplete. In addition, the controller did not sufficiently cooperate with the DPA.

ALFA BANK S.A.: Insufficient fulfilment of information obligations

€20,000 fine - Hellenic Data Protection Authority (HDPA)

The Hellenic DPA has imposed a fine of EUR 20,000 on ALFA BANK S.A. In the context of the use of certain debit/credit cards, information on the last 10 transactions was stored on the chip of the card without the customers' explicit consent. This information could be read out later. The DPA found that the bank had failed to inform affected customers about this storage of transaction information and therefore violated Art. 13 GDPR.