Web Hosting Firm Slapped With $10 Million GDPR Fine

$10 Million GDPR Fine Imposed on German Telco 1&1


The German data protection regulator, the Federal Commissioner for Data Protection and Freedom of Information (BfDI), has imposed a €9.55 million ($10.64 million) GDPR fine on German telecoms provider 1&1 Telecom GmbH. This is described as being "in the lower range of possible fines" primarily because of 1&1's cooperative response to the regulator's investigation.


The fine was imposed under Article 32 of GDPR. Paragraph 2 states, "In assessing the appropriate level of security account shall be taken in particular of the risks that are presented by processing, in particular from accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to personal data transmitted, stored or otherwise processed."


BfDI said in a statement, "In connection with their telephone customer service, the company had not taken sufficient technical and organizational measures to prevent unauthorized persons from being able to obtain customer information."


The investigation commenced following a complaint from a customer whose personal mobile phone number was given by 1&1's customer helpline to a former life partner in 2018. Since the former partner already knew a lot of details, the helpline provided the phone number after being given the complainant's name and date of birth. According to BfDI, this was insufficient 'access control' for access to personal data.


1&1 cooperated with the investigation. "Following consultation with the BfDI, 1&1 Telecom GmbH is currently in the process of introducing a new authentication procedure which is significantly improved in terms of technology and data protection." Nevertheless, the regulator felt compelled to issue a fine because the infringement could have potentially affected 1&1's entire customer base.


Despite saying the fine was in the ..
