Privacy Blog
Italian SA Fines Unicredit S.p.A.
The case was brought about by a complaint over the controller's (the complainant's employer's) inability to respond to an access request.
The Italian SA found that the reply provided by Unicredit S.p.A. to the access request prior to the complaint was devoid of any substance as the company made any reply conditional upon the filling out of a pre-set form.
The business believed it was within its rights to ignore access requests that were made without using the designated form, and it only responded to the data subject after he complained. In this regard, the Italian SA made it clear that a request for access could not be handled by giving an information notice in accordance with Articles 13 and 14 of the GDPR.
A EUR 70,000 administrative fine was imposed on the controller who was ordered to grant the access request by the data subject.
You can reach further information here.
Kind regards,
Zumbul Attorneys at Law