Vodafone España, S.A.U.

Περιγραφή

The Spanish DPA has imposed a fine on Vodafone España, S.A.U.. A woman filed a complaint against the controller based on the fact that the controller had sent telephone bills belonging to a third party to her e-mail address. After bringing this to the attention of the controller, she received no response. Thereupon, she contacted the controller by telephone in this regard. However, none of the employees were able to help her with this concern. The DPA concluded that the controller had violated the principle of integrity and confidentiality set out in Art. 5 (1) f) GDPR, and that the controller had failed to implement technical and organizational measures to ensure a level of security appropriate to the risk to the data subjects. The original fine of EUR 50,000 was reduced to EUR 40,000 due to voluntary payment.