
Enforcement

Regulatory actions, fines, warnings, and enforcement decisions

Filtering by source: Hungarian National Authority for Data Protection and the Freedom of Information (NAIH) (50 items)

Debt Collector: Insufficient fulfilment of data subjects rights

€26,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 26,400 on a debt collector. The controller processed the personal data of a natural person, specifically data relating to a consumer credit loan debt. The data subject requested that the stored data be deleted, but the controller only fulfilled this request partially.

Digi Telecommunications and Services Ltd.: Insufficient technical and organisational measures to ensure information security

€205,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 205,000 against Digi Telecommunications and Services Ltd. The controller had suffered a data breach in which an unauthorized party managed to access personal data of data subjects (e.g. customers and newsletter subscribers) via the controller's website. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data, which facilitated such an incident.

Aldi: Non-compliance with general data processing principles

€253,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 253,000 on the supermarket chain Aldi. Aldi had entered and stored the date of birth of many customers in the checkout system when purchasing alcoholic beverages. This procedure was introduced to make the cashiers' work easier, as the software could quickly calculate whether the person was over 18 or not, but was considered excessive by the DPA. Furthermore, Aldi did not answer any questions about the legal basis for this processing.

Company: Insufficient fulfilment of information obligations

€13,300 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 13,300 on a company. A customer had filed a complaint with the DPA because a conversation, which they had with a sales representative of the controller, had been recorded without them being informed about this. The DPA considered this to be a breach of the controller's information obligations under the GDPR.

I&S Limited Kft: Non-compliance with general data processing principles

€80,500 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 80,500 on the spa operator, 'I&S Limited Kft'. During its investigation, the DPA found that the controller had installed video surveillance cameras in its premises, which permanently monitored guests and employees. The DPA found that the controller did not have a valid legal basis for such extensive video surveillance. The controller also failed to properly inform the data subjects about the processing of their personal data. Furthermore, the controlle

Hotel: Insufficient legal basis for data processing

€8,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 8,000 on a hotel. The controller had installed video surveillance cameras that covered the dining room and a whirlpool area, permanently recording guests. The controller had installed the cameras for the purpose of protecting individuals and property. However, during its investigation, the DPA found that the purposes pursued by the controller could not be considered proportionate to the severe interference with the guests' privacy. The DPA also found that th

News service: Insufficient legal basis for data processing

€5,200 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 5,200 on a news service. A customer had complained to the DPA that, after subscribing to a newsletter to receive a daily news digest, they had also received direct marketing messages. During its investigation, the DPA found that the processing of the data subjects' personal data for direct marketing purposes was unlawful. As the controller had not sufficiently informed the data subjects of their rights, the DPA found that the data subjects' consent to r

Bank: Insufficient legal basis for data processing

€72,500 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 72,500 on a bank. An individual had filed a complaint with the DPA. The bank had conducted a credit check on the individual based on a credit application. However, the bank later conducted a second credit check, although the individual had not requested a new credit offer. The DPA therefore found that this second credit check was carried out unlawfully due to the lack of a legal basis.

TV2 Média Csoport Zrt.: Non-compliance with general data processing principles

€26,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has fined TV2 Média Csoport Zrt. EUR 26,700. In the course of its investigation, the DPA found that the controller had operated two websites without providing adequate information on the handling of personal data on the websites. The DPA also found that the controller failed to obtain consent from users in a transparent and clear manner on the websites.

Health insurance provider: Non-compliance with general data processing principles

€1,200 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 1,200 on a health insurance provider. The insurer had published the result of a Covid-19 test of the data subject on its website. This would have allowed unauthorized persons to access the personal data of the data subject. In addition, the insurer had not adequately cooperated with the agency during the DPA's investigation.

Coin dealer: Non-compliance with general data processing principles

€80,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 80,700 on a coin dealer. During its investigation, the DPA found that the privacy policy did not contain sufficient information about the data processing regarding data of new or prospective customers. The DPA also found that due to the lack of information, the data subjects could not give their informed consent and the data processing was therefore unlawful.

AMPLIFON Hungary Trade and Service Provider LLC: Non-compliance with general data processing principles

€197,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 197,000 on AMPLIFON Hungary Trade and Service Provider LLC. The DPA had received complaints from several data subjects for having received unsolicited invitations to a hearing screening. During its investigation, the DPA found that the company had contacted the data subjects without first obtaining their consent. The company had received the data from the Ministry of the Interior for market research purposes. The DPA found that the company had processe

Company: Non-compliance with general data processing principles

€735 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 735 on a company. An individual had filed a complaint against the company with the DPA. An employee of the company had made sound recordings with a mobile phone during repair work at the complainant's home without informing the complainant.

Physician: Insufficient fulfilment of data subjects rights

€1,500 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 1,500 on a physician. A patient had asked the doctor to send her complete medical records, such as imaging records as well as consent forms regarding her maternity care. However, the physician had not complied with this request.

Political party: Insufficient technical and organisational measures to ensure information security

€8,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 8,000 on a party. The party had suffered a data protection breach resulting in six Excel files being made accessible on the Internet. The files contained personal data of party members. The incident affected approximately 2,000 data subjects. During its investigation, the DPA found that the party had failed to take appropriate technical and organizational measures to protect personal data, which allowed such an incident to occur.

Workshop: Non-compliance with general data processing principles

€1,300 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 1,300 on a workshop. The workshop had installed a video surveillance system to protect the company's assets. However, the cameras also captured parts of the employee's work area. The DPA found that the recording of the employees was not necessary to ensure the purposes associated with the video surveillance and was therefore disproportionate. The DPA also found that the workshop had not sufficiently complied with its information obligations under Art.

Company: Insufficient legal basis for data processing

€13,500 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 13,500 on a company. An individual had filed a complaint with the DPA, stating that the company had published personal data such as their name, address, telephone number without their consent. Furthermore, the company had not responded to a deletion request from the individual.

Budapest Bank Zrt.: Insufficient legal basis for data processing

€634,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has fined Budapest Bank Zrt. EUR 634,000. NAIH reports that the bank used an artificial intelligence-driven software solution to automate the evaluation of customers' emotional state. The speech evaluation system determined which customers needed to be recalled based on the customer's mood. The bank operated the application to prevent complaints and to keep customers. The bank did not inform the data subjects that the processing of their data serves, among other things,

Physician: Insufficient fulfilment of data subjects rights

€1,600 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 1,600 on a physician. A patient had filed a complaint against the controller with the DPA. The patient had asked the doctor to send all medical records after the death of her unborn child. However, the physician did not comply with this request.

Dentist: Non-compliance with general data processing principles

€1,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has fined a dentist EUR 1,300. The controller had installed several surveillance cameras in their practice, which permanently recorded employees and patients. The controller had installed the cameras for the purpose of protecting property and individuals. However, in the course of its investigation, the DPA determined that such extensive video surveillance interfered too much with the fundamental freedoms of the data subjects and that the surveillance was therefore unlawful.

Beauty salon: Insufficient legal basis for data processing

€80,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 80,700 on a beauty salon. The controller had installed video cameras in all its premises, which permanently recorded customers and employees. During its investigation, the DPA found that the controller did not have the required permission to operate the video surveillance system. In addition, the controller processed the data of the customers for marketing purposes without having a valid legal basis and informing the customers about it.

Website operator: Insufficient fulfilment of data subjects rights

€1,300 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 1,300 on a website operator. An individual had filed a complaint with the DPA against the controller because the controller had published their personal data on the website. The data subject sent a request for access to their data to the controller, but never received a response. Furthermore, the controller had not properly cooperated with the DPA during the investigation.

Credit institution: Insufficient legal basis for data processing

€2,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA has imposed a fine of EUR 2,700 on a credit institution. Several individuals had filed a complaint with the DPA due to the fact that the controller had transferred claims from their loan agreements to a new bank account without their consent.

Lawyer: Insufficient legal basis for data processing

€843 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 843 on a lawyer for disclosing, without authorization, documents containing personal data of his client in the course of criminal proceedings.

Car importer: Insufficient legal basis for data processing

€13,500 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA imposed a fine of EUR 13,500 on a car importer. A customer of one of the company's authorized repair shops filed a complaint with the DPA due to receiving unsolicited emails related to customer surveys from the company after a car inspection. The Hungarian DPA found that the controller did not have a valid legal basis to contact the data subject. It also found that the controller had not complied with its duty to inform under Art. 12 GDPR and Art. 13 GDPR. The emails did not co

Magyar Telekom Nyrt.: Insufficient fulfilment of data subjects rights

€28,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has imposed a fine of EUR 28,400 on Magyar Telekom Nyrt. The controller had mistakenly sent an e-mail newsletter to the data subject. This occurred due to the fact that a third party had mistakenly entered the wrong e-mail address, namely that of the data subject. The data subject then requested the controller to delete his data several times. He continued to receive the newsletter and instead of deleting the data, the controller sent him a link to unsubscribe from the n

Company: Insufficient legal basis for data processing

€570 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has imposed a fine of EUR 570 on a company. In the course of his professional activities, a data subject had made a telephone call to a company on September 23, 2019. The company had recorded the conversation without informing the data subject or obtaining his consent, and subsequently made it available to the company where the data subject was employed (the controller). The controller then terminated the employment relationship because the recorded telephone conversatio

Company: Insufficient legal basis for data processing

€1,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has imposed a fine of EUR 1,400 on a company. In the course of his professional activities, a data subject had made a telephone call to the controller on September 23, 2019. The controller had recorded the conversation without informing the data subject or obtaining his consent and then provided it to the company where the data subject was employed. The employer of the data subject subsequently terminated his employment because the recorded telephone call apparently did

Website operator: Non-compliance with general data processing principles

€2,800 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has imposed a fine of EUR 2,800 on a website operator. The controller had failed to prove the lawfulness of its processing of personal data upon request by the DPA. The DPA considered this to be a breach of the controller's duty of accountability.

Operator of a care facility: Insufficient legal basis for data processing

€1,425 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has imposed a fine of EUR 1,425 on the operator of a care facility. The operator had installed a total of 25 cameras in all rooms of the facility, with the exception of the restrooms, locker rooms and the main nurses' station. Both the residents of the facility and the employees were recorded by the video surveillance. The controller states that the cameras were installed for security purposes. These included preventing unauthorized persons from gaining access to the fac

Budapest Főváros Kormányhivatala XI. kerületi Hivatalát (11th District Public Health Department of the Government Office of the Capital City Budapest): Insufficient technical and organisational measures to ensure information security

€27,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) has fined the XI District Office of the Government of Budapest EUR 27,700. The controller had emailed health data regarding Covid-19 rapid tests, as well as the contact details of the people tested, to doctors in a single Excel file, unencrypted and without any further measures to ensure confidentiality. The DPA found that the controller had failed to implement technical and organizational measures that ensured the protection of personal data. In addition, the controller

Robinson Tours Ltd. (Robinson Tours Idegenforgalmi és Szolgáltató Kft.): Insufficient technical and organisational measures to ensure information security

€55,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) imposed a fine of HUF 20,500,000 (EUR 55,400) on Robinson Tours Idegenforgalmi és Szolgáltató Kft. (Robinson Tours Ltd.). The travel agent's reservation system contained unprotected data of customers, which could be viewed by anyone and found via Google. The data contained, among others, names, contact and address data, copies of personal IDs and passport numbers. During the DPA's investigation, it turned out that the data in question was from a test database created by N

HUNGARY DPA: Insufficient fulfilment of information obligations

€1,940 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) imposed a fine of HUF 700,000 (EUR 1,940) against a construction company. The controller had installed a video surveillance system at a construction site to protect its property and the physical integrity of the employees. The cameras were aligned in such a way that they were able to record a part of the recreation room and thus also the activities of its employees beyond a required extent. The data subjects were not sufficiently informed about this at the time their contract

HUNGARY DPA: Insufficient legal basis for data processing

€97,150 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) imposed a fine of EUR 97,150 against a credit institute. Two parents contacted the Hungarian DPA regarding the processing of personal data by their credit institute related to a 'childbirth incentive loan'. The couple requested a suspension of repayment, for which they had to prove that the fetus is at least 12 weeks old. To certify this fact, the controller copied their entire pregnancy booklet. The NAIH found that the controller violated the principle of data minimizat

Next Time Media Agency Ltd. (Next Time Media Ügynökség Kft.): Insufficient technical and organisational measures to ensure information security

€1,385 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) imposed a fine of HUF 50,000 (EUR 1,385) on Next Time Media Ügynökség Kft. (Next Time Media Agency Ltd.). The web agency had been contracted by the travel agency Robinson Tours Idegenforgalmi és Szolgáltató Kft. (Robinson Tours Ltd.) to develop and operate the travel agency's online reservation system. However, the database was not only supplemented with test data, but also with real data of Robinson Tours' customers. In total, the data of 781 people was compromised. Dur

Budapesti Műszaki és Gazdaságtudományi Egyetem (Budapest University of Technology and Economics): Insufficient legal basis for data processing

€22,200 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The Hungarian DPA (NAIH) imposed a fine of EUR 22,200 against the Budapest University of Technology and Economics. NAIH finds that the controller unlawfully processed personal data in the course of audits of applications for social scholarships. Among other things, data was processed without a legal basis and in some cases particularly sensitive data was processed, although this was not necessary for the evaluation of the scholarship applications.

HUNGARY DPA: Non-compliance with general data processing principles

€28 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The data subject had subscribed to a newsletter of the controller. After altering his/her e-mail address, he/she continued to receive the newsletter via the old e-mail address. The data subject then contacted the controller, whereupon the controller confirmed that the address had now been updated. Nevertheless, the data subject continued to receive the newsletter via the old e-mail address.

Deichmann Cipőkereskedelmi Korlátolt Felelősségű Társaságnak: Insufficient fulfilment of data subjects rights

€54,800 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The data controller denied the data subject access to the video material recorded by CCTV in a local store, with which the data subject wanted to prove that he or she had not received any money back after paying in the store. The company not only denied the data subject access to the data according to Art. 15 GDPR (with the argument that this would require an official order), but also deleted the video recordings after a certain period of time, although the data subject had requested the company

Employer: Insufficient fulfilment of data subjects rights

€1,700 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

Failure to change the private address of an employee to his new address and to delete the old address as well as insufficient enabling of the employer to exercise his/her rights.

Forbes Hungary: Insufficient legal basis for data processing

€560 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

Fine imposed on Forbes Hungary for publishing a list of the 50 wealthiest Hungarians and a list of the largest family businesses without a sufficient balance of interests (Art. 6 (1) f) GDPR).

Google Ireland Ltd.: Insufficient fulfilment of data subjects rights

€28 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

Failure to respond to a data subject's request to access information (Art. 15 GDPR - here: about data processed in the context of Google AdWords) in due time.

Digi Távközlési Szolgáltató Kft. ('Digi') (electronic communication service provider): Insufficient technical and organisational measures to ensure information security

€288,000 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The company had infringed the principles of purpose limitation and storage restriction because its database contained a large amount of customer data which were no longer relevant for the actual purpose of collection and for which no retention period had been set. Furthermore, the NAIH pointed out that the defendant had not taken proportionate measures to reduce the risks in the area of data management and data security, arguing, inter alia, that it had not used encryption mechanisms.

Bank: Insufficient legal basis for data processing

€2,890 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

Due to an administrative error, the personal data of the data subject were registered and transferred to the Central Credit Information System (CCI) in connection with a loan agreement, without the data subject being a party to the agreement.

Unknown Company: Insufficient fulfilment of data subjects rights

€5,800 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The data controller has not complied with its obligation regarding the right of access to video recordings and was also unable to demonstrate that its data processing activities had been in compliance with data protection laws.

Creditor: Insufficient legal basis for data processing

€870 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

Sending of SMS to a data subject as a reminder for a debt, even when the debt has already been paid.

Representative of a local government: Insufficient legal basis for data processing

€290 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

A local representative took a photo of the director of a company fully owned by the local government depicting the director allegedly tearing off an election poster of the opposition in the company of his child. The local representative uploaded the photo to his Facebook page. The child’s image was blurred, yet it was hinted in the post that she was the daughter of the director. The director told the local representative at the scene that he does not consent to the taking of the photo. NAIH dete

Accounting firm: Insufficient technical and organisational measures to ensure information security

€1,450 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

A printed customer list of an accounting firm, which also contained personal data, could be accessed by unauthorized persons.

Unknown Company: Non-compliance with general data processing principles

€1,430 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

The employer restored the mailbox of a director who had left the company a year before and found an email containing a work-related document. The director received no warning that his former inbox would be activated and did not have a chance to copy / delete his private data (passwords and financial information). According to NAIH, an employee or a representative should be present when the employee's data is being accessed, even if the employment has been terminated. Employees should be able to

Military Hospital: Insufficient fulfilment of data breach notification obligations

€7,400 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

A military hospital did not meet the reporting deadline for data breaches. Another part of the fine relates to a lack of technical and organisational measures.

Unknown Company: Non-compliance with general data processing principles

€2,860 fine - Hungarian National Authority for Data Protection and the Freedom of Information (NAIH)

An employee was on sick leave when his employer checked his desktop, laptop and emails to ensure that his work-related duties were being covered in his absence. The employer then suspended his account. The employee did not receive pre-notification and did not have the chance to copy / delete his private information (telephone numbers, messages). According to NAIH, employers must record the access with minutes and photos. Employment agreements must regulate whether employees can use work equipmen