Vodafone – PANAFON A.E.E.T.: Insufficient technical and organisational measures to ensure information security

The Greek DPA has imposed a fine of EUR 550,000 on Vodafone – PANAFON A.E.E.T. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in a telecommunications shop being able to wrongfully assign multiple SIM cards to an individual. The controller also failed to use a processor that could guarantee the implementation of sufficient technical and organisational measures, and failed to govern the processing with an adequate data processing agreement.

GDPR Articles: Art. 5 (1) d) GDPR, Art. 28 (1), (3) GDPR,
Industry: Media, Telecoms and Broadcasting