Czech Republic: UOOU imposes fine of CZK 250,000 for GDPR violations
The Office for Personal Data Protection ('UOOU') issued, on 21 March 2019, a decision ('the Decision') imposing a fine of CZK 250,000 (approx. €10,000) on an unnamed company for breach of Articles 5(1)(c) and 5(1)(e) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Decision finds that the company had violated Article 5(1)(c) of the GDPR because it requested from the clients a biometric signature for the closing of a contract, which was unnecessary for this purpose. In addition, the Decision states that the provision on the contract allowing the company to retain records of telephone calls with clients for the entire duration of the contract and for a further 10 years from the fulfilment of all the obligations of the client, violated Article 5(1)(e) of the GDPR.
You can read the Decision, only available in Czech, here.