The Dutch bank Theodoor Gilissen Bankiers has paid a fine of €48,000 to the Dutch Personal Data Authorities for non-compliance with the right to access one's own personal data.
In 2006, one of the bank's customers requested access to his personal data: what information did the bank have about him? Where did the data come from? And with whom were they shared?
The bank did not want to provide this information, which was in violation of privacy legislation. A lawyer of the client has submitted a request for enforcement to the Dutch Personal Data Authorities in order to gain access to the data.
After an investigation, the Personal Data Authorities gave the bank 2 months to comply with the right of inspection, with a penalty of €12,000 for each week that the bank failed to comply. In the end, Theodoor Gilissen granted the customer access, 4 weeks after the deadline had expired.