Germany's Data Protection Supervisor has imposed one of the highest fines so far on Infringement of the EU General Data Protection Regulation (DSGVO) Freedom of Information (BfDI) for failing to provide "sufficient technical and organizational measures" to protect customer data in its call centers hold true.
In a press release announcing the fine, Federal Commissioner Ulrich Kelber explained why privacy was so high. Englisch: www.eu2006.gv.at/en/News/Press_Rele…enstein.html To impose: "Data protection is protection of fundamental rights, and the fines imposed are a clear sign that we will enforce this protection of fundamental rights." Insufficient security of personal data. We apply these powers, taking due care. "
According to BfDI, the data protection officer condemned 1 & 1 Telecom after he found that callers could go to his call center to obtain customer information, simply enter their name and date of birth, which means that the customer's personal information has not been properly protected the BfDI said the company had violated Article 32 of the GDPR:
"The BfDI had become aware that callers in the company's customer service were able to obtain extensive information on additional personal customer data, including the name and name of the customer Date of birth of a customer The BfDI sees this violation as an infringement Article 32 of the GDPR, according to which the company is obliged to take appropriate technical and organizational measures to systematically protect the processing of personal data.
As the BfDI criticized 1 & 1 Telecommunications' inadequate privacy, an additional step was added to request additional information prior to retrieving customer data and the company also plans to provide each customer with a personal access service PIN shortly
1 & 1 Telecommunications will contest the fine on the grounds that this is disproportionate but that the BfDI has succeeded in transmitting the message which is under the GDPR's customer data.
About Bank Information Security