Finland: Deputy Ombudsman fines Posti €100,000 for GDPR transparency violations
The Office of the Data Protection Ombudsman ('the Ombudsman') announced, on 22 May 2020, that the Deputy Data Protection Ombudsman ('the Deputy Ombudsman'), had issued a decision ('the Decision') in which it fined Posti Group Oyj €100,000 for transparency violations, noting that the violations affected 161,000 customers in 2019. In particular, the Decision relates to complaints received by the Ombudsman in which it was alleged that complainants received direct marketing from Posti after requesting that their postal data be removed by the company. In addition, the Decision finds that Posti's processing of personal data had not been transparent in accordance with Article 5 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and that Posti had not provided the necessary information to data subjects as required under Article 12 of the GDPR.
Update (29 May 2020)
EDPB issues statement on Deputy Ombudsman Posti fine
The European Data Protection Board ('EDPB') issued, on 27 May 2020, a statement ('the Statement') on the Deputy Ombudsman's decision to fine Posti Group Oy.
You can read the Statement here.