The Polish Supervisory Authority fined a company €220,000 that processed contact data obtained from publicly available sources without informing the individuals concerned. The company scraped contact data from public registries to prepare trade reports, contact lists and “to provide other business and management consulting services” to its clients. In its defense the company asserted the data constitutes publicly available information; the processing only involved very limited data (only contact details); and the risk to the rights and freedoms of the individuals was low. The company was found to have intentionally violated Article 14 GDPR motivated by a desire to avoid additional costs associated with informing the individuals about the processing of their data.

Read more

Posted Under: International, Poland

Post By Nix (1,198 Posts)