The Italian Data Protection Authority (Garante per la protezione dei dati personali) last month issued a €27,802,946 fine to telecoms company TIM S.p.A for several GDPR (General Data Protection Regulation) infringements and a lack of accountability.
The unlawful practices, which occurred between 2017 and 2019, affected millions of individuals, some of whom were not even TIM S.p.A customers. They received unsolicited marketing calls from the organisation despite not having provided consent, or despite having previously opted out of being contacted.
The extent of the breach
The infringements included:
- Customers and non-customers being contacted up to 155 times within a month;
- Failure to update opt-out lists when customers explicitly stated on the phone that they did not wish to be contacted;
- Commercial partners making promotional calls to customers who were not present on TIM S.p.A’s opt-in lists;
- Retaining customer data for longer than necessary;
- Inconsistencies in transparency of data processing and acquisition through the organisation’s apps ‘My TIM’, ‘TIM Personal’ and ‘TIM Smart Kid’; and
- Inadequate management of the obligations to notify the Data Protection Authority of a breach without undue delay and to deal with data subject access requests in a timely manner.
GDPR compliance is crucial for organisations
Whether you’re concerned about GDPR fines or satisfying stakeholders by securing their data, one thing everybody can agree on is that regulatory compliance is essential for long-term success.
Of course, the two are related, with the threat of punishment being the incentive some organisations need to recognise the importance of protecting data subjects’ personal information.
Those who want to know how to get started with GDPR compliance should take a look at our GDPR Implementation Bundle.
This package provides you with all the resources you need to simplify your compliance project, saving you time and money. It includes:
- EU GDPR – An Implementation and Compliance Guide, Third edition (Adobe eBook), which gives an easy-to-understand breakdown of your compliance requirements;
- The EU GDPR Compliance Gap Assessment Tool, which identifies any areas of non-compliance; and
- The GDPR Toolkit, which contains a comprehensive list of templates to help you document your compliance activities.