GDPR fine for Austrian post office

GDPR fine issued to the Austrian Post is nothing short of sensationalistic. However, it is not just a sensational title it is very much a reality.

Austrian Data Protection AuthorityDatenschutzbehörde or DPA, has issued an €18 million GDPR fine (plus  1.8 million costs of investigation) to the Austrian national postal service on 23 October 2019.

For a postal service to receive fine of such magnitude, you are probably asking yourself what happened?

The story started to unravel earlier this year when the public was informed that 2.2 million data sets were used to determine or outline the political affinity of Austrian citizens.

The Post then used that data to offer marketing services to various political parties for advertising. Prompted by the numerous complaints and data subject requests to the Post, the Supervisory authority launched an investigation.

 

 

Interestingly enough, while conducting the investigation, the DPA encountered more GDPR violations.

Apparently, the Austrian Post was processing data related to the frequency of the packages that were delivered to a certain address and how frequently do individuals move to a new address without any legal basis for it.

However, the Austrian Post Office has a right to appeal, so the verdict is not yet legally binding.

The amount of the GDPR fine definitely implies the seriousness of the violation but is it just a warning, remains to be seen.

GDPR fine for the Austrian Post is just one in a series of fines recently issued. Be sure to read more on this topic.

Blogpost: Shopping in Poland just became pricy- new GDPR fine