Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

GDPR fine: Hamburg DPA fined Vattenfall €900,000

Hamburg DPA issued GDPR fine to Vattenfall €900,000

On 24 September 2021, the Hamburg Commissioner for Data Protection and Freedom of Information (HmbBfDI) issued a GDPR fine of little over €900,000 to Vattenfall Europe Sales GmbH.

The fine was issued on account of violation of the transparency obligations of the General Data Protection Regulation (GDPR) according to Article 12 and Article 13.

What happened?

From August 2018 to December 2019, Vattenfall routinely checked contract inquiries for special contracts associated with special bonus payments to determine whether the customers were eligible to switch.

This check was intended to prevent customers from concluding such bonus contracts too often, so this offer would continue to be profitable for the company.

As reported in HmbBfDI’s official statement, in order to check the eligibility of customers applying for such special contract, Vattenfall used invoices from previous contractual relationships with these customers since those records must be kept for up to ten years according to tax and commercial law requirements.

However, it was not evident to the customers that such data comparison was taking place, affecting around 500,000 individuals.

Fine was reduced significantly

The HmbBfDI took into account both the data protection rights of customers and the economic interests of the company when defining the final amount of the fine.

HmbBfDI stated that Vattenfall demonstrated cooperation in the process and stopped the non-transparent data comparison immediately which contributed to the significant reduction of the fine.

Following this example, read our article How are GDPR fines defined and calculated in order to learn what the DPA takes into account when imposing a fine and what you can do to reduce it.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top