Nine months after the GDPR’s implementation date comes the first fine issued by the Bulgarian data protection authority – KZLD (Commission for Personal Data Protection)
1000 BGN (or roughly 500 EUR) is the fine imposed on a bank for calling a client for the unresolved bills of his neighbor. This, of course, provoked the client to evoke his right to be forgotten. After not receiving any answer from the bank he filed another motion, for which the bank did take action in the statutory period. Nonetheless, the client filed a complaint to KZLD.
The infringement for which the bank was fined was for the processing of the client’s personal data was not linked to his consumer credit agreement. Since the purpose for which the data were processed was different from that communicated at the time of conclusion of the contract, the bank had to request additional consent from its client.
Though not a notoriously big fine, it serves the purpose of a warning and will surely make a precedent in the future.