Recently, a similar case came into light. A German internet service provider received the GDPR fine of €9.6m. The accusation says the company failed to carry out a proper process of customer ID checks.
The data protection watchdog of Germany stated that 1&1 Telecom company provided extensive personal information to an individual on another person just by their names and date of birth.
It is way too easy to gather information of any person through social networks or any other platform which he/she uses. And, that is music to the fraudsters’ ears.
However, the telecom company challenged the rules and regulations. Nevertheless, the firm is in complete denial to accept this decision and thinking to challenge the decision in court.
This turned out to be one of the largest GDPR penalties within the territory of the EU. The company, 1&1 Telecom expressed that this GDPR fine is “absolutely disproportionate”. It says that the regulator’s calculations are based on large scale organisations.
“On that basis, even the smallest discrepancy can result in huge fines”, the data security officer Julia Zirfas complained.
The company explained that it was going through the process of rolling out new security protocols. And, that enabled customers to render a Pin code when they call in.
‘Wake-up call’
The GDPR launched in May 2018. Since then, it granted the power to data protection authorities to impose huge and stricter fines, companies ever heard of. The authorities are also allowed to fine up to €20m which is 4% of companies’ annual revenue.
But, there are a few instances that regulators must consider before imposing a fine on a company. Such as, either the organisation cooperated with their inquiry or not, any previous violation history and whether the breach happened deliberately or mistakenly.
In addition, the BfDI (Federal Commissioner for Data Protection and Freedom of Information) has now got to know that 1&1 Telecom was “transparent and very co-operative” during the inquiry.
The firm is also on its way to bring subtle improvements to its practices. However, the regulator showed its concern with the company’s entire customer base which was at risk.
In October 2019, a German property company received a fine of €14.5m fine, from the same regulator.
He fined the enterprise for offending the Data retention regulation.
And such infringements made Google, British Airways and Marriott Hotels receive greater GDPR-related offences.
Tim Turner, director of 2040 Training told the BBC, “It’s only the second time there’s been a multi-million euro penalty for a straightforward security issue, following a Bulgarian case”.
“Call centres have to balance easy access for customers with sensible verification measures, and this will be a wake-up call for all organisations trying to work out how much security to face callers with.”