Spanish Data Protection Authority Imposes the Largest Ever Local GDPR Fine

On March 11, 2021, the Spanish Data Protection Authority (AEPD) has fined telecom company Vodafone €8.15 million ($9.7 million) for repeated violations of the General Data Protection Regulation and Spanish law.  This is the largest fine imposed by the AEPD.

The decision was issued in response to almost 200 complaints made regarding Vodafone’s data processing and consent practices.  The AEPD concluded that Vodafone made international data transfers without taking required measured under the GDPR and made marketing calls and sent marketing communications without customers’ request or consent, even when customers expressly opted out of such communications.

Furthermore, Vodafone failed to implement organizational and technical controls to verify the origin and legality of processed data and lacked the capacity to determine whether individuals have opted out of marketing and third-party communications.  According to the Authority, one of the reasons for these failures was Vodafone’s outsourcing of its services to third-party providers.

The Spanish Authority’s record fine is not the first time that the company finds itself in hot legal waters over its privacy-related practices.  Between January 2018 and February 2020, Vodafone had received over 50 warnings and fines.  Last November, the Italian Data Protection Authority also imposed a €12.25 million fine on Vodafone for unlawfully processing personal data of millions of users for telemarketing purposes.

Take a tour of Clarip’s patented data privacy technology and learn how Clarip can help your enterprise comply with emerging state level data subject rights regulations. Call Clarip today at 1-888-252-5653 or schedule a Demo Online!