On 24 September 2021, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) issued a GDPR fine of little over €900,000 to Vattenfall Europe Sales GmbH.
The fine was issued on account of violation of the transparency obligations of the General Data Protection Regulation (GDPR) according to Article 12 and Article 13.
What happened?
From August 2018 to December 2019, Vattenfall routinely checked contract inquiries for special contracts associated with special bonus payments to determine whether the customers were eligible to switch.
This check was intended to prevent customers from concluding such bonus contracts too often, so this offer would continue to be profitable for the company.
As reported in HmbBfDI’s official statement, in order to check the eligibility of customers applying for such special contract, Vattenfall used invoices from previous contractual relationships with these customers since those records must be kept for up to ten years according to tax and commercial law requirements.
However, it was not evident to the customers that such data comparison was taking place, affecting around 500,000 individuals.
Fine was reduced significantly
The HmbBfDI took into account both the data protection rights of customers and the economic interests of the company when defining the final amount of the fine.
HmbBfDI stated that Vattenfall demonstrated cooperation in the process and stopped the non-transparent data comparison immediately which contributed to the significant reduction of the fine.
![Pseudonymization according to the GDPR [definitions and examples]](https://dataprivacymanager.net/wp-content/uploads/2019/11/Pseudonymization-according-to-the-GDPR-definitions-and-examples-768x402.png)
