Date: 13.09.2024
The Hellenic Supervisory Authority (SA) imposed an administrative fine of €400,000 on the Ministry of the Interior for GDPR violations related to the unauthorized transfer of personal data from the electoral register. The investigation began after numerous complaints about unsolicited political communication via email in March 2024, related to an initiative for the European elections.
Key Findings
- Unauthorized Data Transfer: It was found that a file containing personal data of registered expatriate voters for the June 2024 elections was transferred outside the Ministry. The file included email addresses and phone numbers, which should not have been shared.
- Further Violations: The Ministry was found in breach of Articles 5, 25, 30, 32, and 33 of the GDPR and was instructed to implement compliant measures within a specified timeframe.
An additional fine of €40,000 was imposed on another controller for breaching Articles 5, 6, and 14 of the GDPR, along with an order to delete unlawfully processed data. The case involving the political party New Democracy requires further investigation.
Source: Hellenic Supervisory Authority