The Dutch Data Protection Authority has imposed a penalty of 48,000 euros on Theodoor Gilissen Bankiers (TGB) for violating privacy legislation. TGB, now known as InsingerGilissen Bankiers, provided market trading services to the customer involved.
This customer made a request to TGB in 2016 to inspect his personal details. He wanted an overview of the personal data that the bank had of him, the origin of the data and with whom the data was shared.
The bank refused to give the customer access to the requested data, even though it is required to do so. Arguing that the bank's failure to provide the data constituted a violation of privacy legislation, the customer's lawyer submitted a request for enforcement to the Dutch Data Protection Authority with the aim to gain access to the requested data.
After investigating, the Data Protection Authority gave the bank 2 months to give access to the data. In order to enforce this, the Data Protection Authority imposed an order subject to a penalty of €12,000 for each week that the bank did not fully comply with the inspection request, up to a maximum of €60,000.
Four weeks after the expiration of the two-month period, at the end of 2017, the bank provided a complete overview of the customer's data. In following with the previously set terms, the Dutch Data Protection Authority issued €48,000 in penalty payments to the bank.
TGB has objected to the amount of the fines and has appealed the decision of the Dutch Data Protection Authority.