Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Italy: Garante fines I-Model €10,000 for failure to adequately respond to access request and unlawful processing
The Italian data protection authority ('Garante') announced, on 22 December 2022, in its monthly newsletter, the publication of its Decision No. 370, as issued on 10 November 2022, in which it imposed a fine of €10,000 on I-Model s.r.l, for violations of Articles 6(1) and 17 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following a complaint submitted by an individual.
Background to the decision
In particular, the Garante explained that the complainant reported that, after receiving confirmation from I-Model that the personal data in its files had been deleted, they continued to receive SMS messages from I-Model concerning job offers. Further, the Garante reported that I-Model declared that the data was not deleted only due to an error.
Findings of the Garante
Following its investigation, the Garante found that I-Model gave a formal response to the complainant's requests for deletion of personal data on two occasions, merely stating that it had removed the data from the mailing list, but, in fact, continuing to store and process the data without a proper legal basis. In fact, the Garante explained that, since the data subject's consent to the processing of their personal data had been revoked with their deletion request, it follows that the processing subsequently carried out by I-Model was unlawful and with no legal basis, thus violating Article 6(1) of the GDPR.
Outcomes
In conclusion, the Garante imposed a fine of €10,000 on I-Model in light of the aforementioned violations.
You can read the decision, only available in Italian, here.