VDAI (Lithuania) - 3R-728: Difference between revisions
mNo edit summary |
m (→Holding) |
||
| Line 71: | Line 71: | ||
=== Holding === | === Holding === | ||
The DPA carried out an ex officio investigation on | The DPA carried out an ''ex officio'' investigation on UAB Diagnostikos laboratorija (the controller). The controller provides medical tests and processes the personal data of about 1 million individuals. The investigation focused on the handling of access requests. | ||
== Comment == | == Comment == | ||
The DPA found that the controller did not | The DPA found that the controller did not have a specific storage period for the documents related to the processing of an access request. For this reason, the DPA held that the controller violated [[Article 24 GDPR#1|Article 24(1) GDPR]]. | ||
Additionally, the DPA found that after receiving a request, the controller did not inform the data subject about the timeframe for processing the request. The DPA considered this a violation of [[Article 12 GDPR#3|Article 12(3) GDPR]]. | |||
The DPA ordered the data subject to address these shortcomings. | |||
The DPA found no other issues with the processing of access requests. In particular, the content of the response was complete and appropriate, and the controller implemented correct criteria for assessing whether a request was manifestly unfounded or excessive. | The DPA found no other issues with the processing of access requests. In particular, the content of the response was complete and appropriate, and the controller implemented correct criteria for assessing whether a request was manifestly unfounded or excessive. | ||
Revision as of 08:10, 24 June 2025
| VDAI - 3R-728 | |
|---|---|
| [[File:|center|250px]] | |
| Authority: | VDAI (Lithuania) |
| Jurisdiction: | Lithuania |
| Relevant Law: | Article 12(3) GDPR Article 24(1) GDPR |
| Type: | Investigation |
| Outcome: | Violation Found |
| Started: | |
| Decided: | 17.06.2025 |
| Published: | |
| Fine: | n/a |
| Parties: | UAB Diagnostikos laboratorija |
| National Case Number/Name: | 3R-728 |
| European Case Law Identifier: | n/a |
| Appeal: | Unknown |
| Original Language(s): | Lithuanian |
| Original Source: | VDAI (in LT) |
| Initial Contributor: | cci |
Following an ex officio investigation, the DPA ordered a medical services provider to set storage periods for documents related to the processing of access requests, and to inform requestors about the time frame for response.
English Summary
Facts
The DPA carried out an ex officio investigation on how medical tests provider UAB Diagnostikos laboratorija (the controller) handled access requests. The controller processed personal data for about 1 million individuals.
Holding
The DPA carried out an ex officio investigation on UAB Diagnostikos laboratorija (the controller). The controller provides medical tests and processes the personal data of about 1 million individuals. The investigation focused on the handling of access requests.
Comment
The DPA found that the controller did not have a specific storage period for the documents related to the processing of an access request. For this reason, the DPA held that the controller violated Article 24(1) GDPR.
Additionally, the DPA found that after receiving a request, the controller did not inform the data subject about the timeframe for processing the request. The DPA considered this a violation of Article 12(3) GDPR.
The DPA ordered the data subject to address these shortcomings.
The DPA found no other issues with the processing of access requests. In particular, the content of the response was complete and appropriate, and the controller implemented correct criteria for assessing whether a request was manifestly unfounded or excessive.
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the Lithuanian original. Please refer to the Lithuanian original for more details.
