Details:

Summary The Icelandic DPA has imposed a fine of EUR 257,000 on Creditinfo Lánstraust hf.. The controller had registered information on loan defaults even though the required registration conditions for this have not been in place. For instance, unpaid small loans were registered although they were below the required minimum amount. In assessing the fine, the fact that a large number of people were affected by the incident and that the controller was pursuing profits were considered aggravating factors.
Link: link
Related articles:  Art. 5 (1), (2) GDPR, Art. 6 (1) GDPR, Art. 8 laga nr. 90/2018, Art. 9 laga nr. 90/2018
Type: Insufficient legal basis for data processing
Fine: EUR 257,000
Sector Finance, Insurance and Consulting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law