Vodafone España, S.A.U.

€54,000

Non-compliance with general data processing principles

Fecha de la decisión

4 de enero de 2021

Autoridad

Spanish Data Protection Authority (aepd)

ES

Sector

Media, Telecoms and Broadcasting

País

ES

Ley

GDPR

Estado

FINAL

Descripción

The data subject had concluded a contract with the controller (Vodafone España, S.A.U.). However, the products provided under this contract were not delivered in the name of the data subject, but in the name of a third party. Subsequently, the data subject contacted the company's data protection officer by e-mail in order to restore the accuracy of his/her data stored at Vodafone. However, no response was received to this request. When the data subject finally contacted the telecommunications company by telephone, he/she was addressed by the name of the third party. His/her inquiry was answered with a response that did not refer to his/her inquiry, but to the inquiry of the third party. According to the telecommunications company, the incident was caused by a defect in their system due to a system migration. The Spanish DPA (AEPD) initially fined Vodafone España, S.A.U. EUR 90,000, but the original fine was reduced to EUR 54,000 due to the timely payment and admission of guilt.

Citas legales

Art. 5 (1)

Problemas e infracciones

Non-compliance with general data processing principles
Ver documento oficial
Volver a la base de datos de multas
Multa anterior
Austrian Data Protection Authority (dsb) - Private...
Siguiente multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Manténgase al día sobre la aplicación de las normas de protección de la intimidad

Respetamos su intimidad. Un correo electrónico al mes, sin spam, darse de baja en cualquier momento.