Details:
Summary | The Italian DPA has fined Enel Energia SpA EUR 79.1 million due to its lack of compliance with technical and organisational measures aimed at limiting the potential abuses by agencies that unlawfully performed telemarketing activities. According to the DPA, Enel Energia acquired as many as 978 contracts from four different previously sanctioned companies, even though they did not belong to the energy company’s sales network. Moreover, following subsequent inspections at Enel Energia, the DPA ascertained that the information systems used for customer management and service activation by the company showed the abovementioned serious security shortcomings. Enel failed to put in place all the necessary measures to prevent the unlawful activities of unauthorised agents who fuelled for years an illicit business carried out through nuisance calls, service promotions, and the signing of contracts with no real economic benefits for customers by identifying easy ‘front doors’ in the company’s information systems. |
Link: | link link |
Related articles: | Art. 5 (1) f) GDPR, Art. 5 (2) GDPR, Art. 24 (1) GDPR, Art. 25 GDPR, Art. 28 GDPR, Art. 32 GDPR |
Type: | Insufficient technical and organisational measures to ensure information security |
Fine: | EUR 79,100,000 |
Sector | Transportation and Energy |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/