The next fine in the millions – EUR 9.55 million fine for a telecommunications service provider

The next fine in the millions -EUR 9.55million fine for a telecommunications service provider

After it became public at the beginning of November that the Berlin data protection authority had imposed a fine of EUR 14.5 million on a real estate company, the next million euro fine is following.

The federal data protection authority has now imposed a EUR9.55 million fine on a telecommunications service provider.

The company is accused of not having taken sufficient technical and organisational measures in accordance with Art. 32 GDPR to prevent unauthorised persons from obtaining information on customer data during telephone customer service. It was possible for callers to obtain extensive information on other personal customer data simply by giving the name and date of birth of a customer. According to the authority’s own statement, the telecommunications service provider was highly cooperative and began to change its telephoneauthentication process after notification.

Despite this cooperation, the authority considered a fine of EUR 9.55 million to be necessary. It was not an infringement affecting only a small number of persons, but a risk for the entire customer base. Because of the willingness to cooperate, the fine was in the lower range of the possible fine framework, the authority said.

The telecommunications service provider has announced that it will file a lawsuit against the fine.

For more information please contact:

Thomas Hertl                       Adrian Kowalski