The Italian DPA issues a monetary penalty of 2.8 million euros for unlawful processing of personal data during a marketing campaign.
- Authority: Garante per la protezioni del dati personali -Italian DPA-.
- Sanctiones society: TIM telecommunications Enterprise.
- Monetary Penalty: 2.800.000 euros.
- Infraction: art. 5 / 6 / 17 / 21 / 32 GDPR.
- Activity: Telemarketing
- Link: link
Unlawful processing of personal data regarding phone calls during a marketing campaign carried out by the company and third related parties. The lack of diligence in the enterprise behaviour concern up to million people. As an example, one particular was called one hundred fifty times during a one month period.
The Italian DPA was satisfied of the inexistence of:
- The due consent of the interested parties when making marketing phone calls.
- Any protocol to ensure the lawfulness of the processed data.
- Any protocol that ensures the effectiveness of the data subjects rights.
- Control over the centre calls.
Inefficient mechanisms to deal with a security breach.
Moreover, the Garante imposesa series of corrective measures in light of art. Fifty eight point 2 of the GDPR, prohibiting TIM from processing data related to the marketing of persons who have refused to receive promotional calls, those who requested to be included in the “opt-out” list, and persons who are not customers of TIM.