The Austrian Post sold detailed personal profiles of approximately 3 million Austrians to various companies and political parties.
Austrian Post fined €18m for GDPR violation
After concluding that Austrian Post had been illegally selling customer data in breach of the GDPR, the Austrian data protection authority has chosen to fine the postal operator €18 million.
The data protection authority found that Austrian Post had analysed customer data to assess whom would vote for which political party they may support, and sold that data on.
Though not banned under the GDPR, the authority also found that Austrian Post had processed data on package frequency and frequency of relocations for the purpose of direct marketing.
The size of the fine was imposed to discourage the postal operator from doing it again. Austrian Post can and will however appeal the decision through the Federal Administrative Court where the fine will either be agreed, dismissed or altered.