data protection authority

whose data? what protection? What authority?

what authority?

Chapter 6 of The general data protection act requires eu countries to set up independent supervisory authorities responsilbe for monitoring the Application of the regulation

These authorities have the task of monitoring and enforcing the GDPR (ARt. 57 1.a)

these authorities have the power to warn, reprimand, order compliance and retification, withdraw certification, fine and suspend Data Flow (Art. 58 2.a-J)

the saxon data protection commissioner
(Sächsische Datenschutzbeauftragte)
 is the authority In the FreeState of Saxony

What good are
laws , if the people with the responsilbiity to uphold them can, will or do not?

In February of 2019 I contacted the Saxon Data Protection Commissioner.

What followed was a remarkable exhibition of evasion, culminating in a complete lack of action and leading to my filing
of an official complaint against the Commissioner on March 20, 2020.

Between the pandemy and the usual backlog of an administrative court, the complaint has yet to be litigated.

Late last year, I was informed it might come up this year.

So what exactly did the Sparkasse get relevantly wrong in the act of processing personal data?

That is probably the wrong question. It might be easier to ask, what the Sparkasse got relevantly right. Unfortunately, the answer to date appears to be - NOTHING...

Which takes us back to the first question. If you can read German, the attachments A-G, will give you a good idea. If you do not read German, grab a cosy seat and beverage, because this summary is going to take while.... DENY, LIE and SLANDER