German telecoms firm slapped with €10m GDPR fine

People could access sensitive customer data in some cases by only providing a name and date of birth

GDPR readiness

The German data regulator has fined the telecoms giant 1&1 almost €10 million for not taking sufficient measures to prevent unauthorised access to customer data.

The company has been punished because it failed to take measures to adequately protect the data of its customers, meaning extensive customer information could be accessed by just providing the name and date of birth. 

Advertisement - Article continues below

The lack of protections for customer data constituted a violation of Article 32 of the General Data Protection Regulation (GDPR), according to the Federal Commissioner for Data Protection and Freedom of Information (BfDI).

The Federal Commissioner Ulrich Kelber explained the €9,550,000 fine was a clear sign the data regulator would enforce the protection of fundamental rights under GDPR, and that due consideration was taken in the decision.

Despite the severity of the fine, BfDI also noted that 1&1 was transparent and cooperative during the investigation. 

To rectify its processes, the telecoms giant first introduced new authentication steps, before unveiling plans to roll out an authentication procedure with significantly stronger barriers to accessing data.

The BfDI said the fine could have been much higher had 1&1 representatives not been as cooperative as they were during the investigation. The infringement, moreover, was limited to just a handful of customers, despite all customers being at risk. 

Related Resource

Understanding the must-haves of modern data protection

Go beyond traditional backup and recovery

Download now

The data regulator added it would be investigating the customer authentication procedures of rival telecoms companies as a result of its findings. 

Advertisement
Advertisement - Article continues below
Advertisement - Article continues below

The agency has been active in recent months, having previously issued a €14.5 million fine against a housing giant for hanging onto the personal and financial data of former and current tenants longer than necessary.

The fines have been adding up since GDPR came into effect in May 2018, but are blown out of the water when compared with the multi-million-pound penalties issued against the likes of BA and Marriot.

  • compliance
  • General Data Protection Regulation (GDPR)
Featured Resources

Successful digital transformations are future ready - now

Research findings identify key ingredients to complete your transformation journey

Download now

Cyber security for accountants

3 ways to protect yourself and your clients online

Download now

The future of database administrators in the era of the autonomous database

Autonomous databases are here. So who needs database administrators anymore?

Download now

The IT expert’s guide to AI and content management

Your guide to the biggest opportunities for IT teams when it comes to AI and content management

Download now
Advertisement

Most Popular

Visit/mobile/mobile-phones/355239/microsofts-patent-design-reveals-a-mobile-device-with-a-third-screen
Mobile Phones

Microsoft patents a mobile device with a third screen

6 Apr 2020
Visit/security/cyber-security/355271/microsoft-gobbles-up-corpcom-domain-to-keep-it-from-hackers
cyber security

Microsoft gobbles up corp.com domain to keep it from hackers

8 Apr 2020
Visit/server-storage/servers/355254/a-critical-flaw-in-350000-microsoft-exchange-remains-unpatched
servers

A critical flaw in 350,000 Microsoft Exchange remains unpatched

7 Apr 2020