The Greek Data Protection Authority (DPA), the independent body established to supervise the protection of private citizens’ personal data, imposed a fine worth €150,000 on the country’s Ministry of Citizen Protection for violating the relevant law in the process of issuing the new identity card (ID).
Following an investigation, the DPA found that the Greek Police, the service responsible for issuing the new ID cards to Greeks, failed to inform the recipient of the IDs sufficiently, as stipulated by the General Data Protection Regulation (GDPR).
According to reports, the Hellenic Police (EL.AS.) had published information on their website regarding data processing, but this information was deemed incomplete, delayed, and partially incorrect by the DPA.
Specifically, the Greek Data Protection Authority claimed the notice was not posted in a timely manner, and citizens did not receive clear information about how their biometric data, such as fingerprints and photographs required for the issuance of the new ID cards, would be processed.
The inquiry by the DPA started in September last year when a citizen filed a complaint with the body after his previous queries to the police department about the processing of personal data related to the new IDs were completely ignored.