The Belgian Data Protection Authority (Belgian DPA) issued Decision No. 108/2024 on August 27, 2024, imposing a fine of €8,000 on an unnamed company for violating the General Data Protection Regulation (GDPR). The fine follows a complaint from an individual who received unwanted commercial emails from the company.
Details of the Decision
The complaint stated that the individual received unsolicited emails on October 2, 2018, and continued to receive them despite requesting data erasure. The Belgian DPA’s investigation revealed the individual’s data was transferred to the company due to the bankruptcy of a football club to which the complainant was subscribed.
The Belgian DPA found the company in breach of Article 21(4) of the GDPR for not properly notifying the individual about the right to opt-out of marketing communications. Additionally, it violated Articles 5(1)(a), 12(1), and 14 for failing to provide necessary information on data processing transparency, and Articles 12(3), 12(4), and 15(1) for not fulfilling the right of access.