The German federal data protection authority has fined Vodafone €45 million for GDPR violations including a failure to properly oversee the activities of its partner agencies.
https://www.shutterstock.com/g/paschertz
The Federal Institute for Digital Infrastructure (BfDI) announced today that it was penalising the telecoms giant for shortcomings including not adequately checking the agencies working for it, vulnerabilities in the company’s distribution systems, and security flaws in the online customer portal.
Vodafone has accepted the fines and paid them in full. The regulator said that the company has also improved its processes, revised its system for choosing and vetting partner agencies, and ended its relationships with those entities found to have fallen short.
“I would like to emphasize that Vodafone has cooperated with me continuously and without restriction throughout the entire proceedings and has also disclosed circumstances that have incriminated the company itself,” BfDI head Louisa Specht-Riemenschneider said in a statement.
Vodafone was fined €15 million for failings in auditing its partners and €30 million for the security flaws.
The authority used the announcement of the enforcement action to warn that “companies in many industries are experiencing a backlog of investments in the modernisation and consolidation of IT systems” and are cutting back on security as a result.
Vodafone has been contacted for comment.