Administrative fine in the amount of EUR 525 000 applied by Dutch Data Protection Authority to DPG Media Magazines for the infringement of article 12 (2) GDPR
The National Center for Personal Data Protection (NCPDP), for information and application purposes, communicates about the administrative fine in the amount of EUR 525 000 applied by Dutch Data Protection Authority (SA) to DPG Media Magazines for the infringement of article 12 (2) GDPR, namely for unnecessarily requesting copies of identity documents.
The Dutch SA received various complaints regarding how Sanoma Media Netherlands B.V. (before Sanoma was taken over by DPG Media in April 2020) handled requests from people to view their data or have their data deleted. Anyone who wanted to know what personal data of theirs Sanoma and DPG Media kept or who wanted their data deleted was required to first upload or send in a copy of their identity document. What’s more, when sending such a copy electronically, they were not informed by Sanoma and DPG Media that they could redact certain data. Even if parts are redacted, it will often be disproportionate to require a copy of an identity document in order to confirm that a person really is who they claim to be.
The company thus made it overly complicated for customers to access their data or have their data deleted. After taking over Sanoma, DPG Media changed its practices. DPG Media now confirms the identity of a person requesting access to their data or deletion of their data by sending a verification email. The violation is therefore no longer being committed.
Administrative fine in the amount of EUR 525 000 applied by Dutch Data Protection Authority was contested by DPG Media Magazines.
The NCPDP, as national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of legal framework on personal data protection and to ensure that personal data processing operations are in accordance with the legislation in force.