Wind Tre S.p.A. an Italian company, has been fined for violating the privacy rights of its users under the GDPR (The General Data Protection Regulation).
According to the report published by the Italian DPA (Data Protection Authority), the company processed personal data for marketing purposes. Users complained about receiving messages, emails and faxes without their consent. They stated that they did not have the opportunity to withdraw this unlawful consent as the contact information was unclear and difficult to access.
Following the investigation, it was found that MyWind and My3 apps were requiring a set of consents for different data processing but the possibility to revoke was offered to users only after 24 hours.
‘Beyond these “system” gaps, the investigations by the DPA have highlighted several serious offences in the supply chain of Wind Tre’s commercial partners, even with improper activation of contracts. For these violations, one of the partners of the telephone operator – who had subcontracted entire phases of the processes to call-centres that collected data illegally – was fined €200,000 by the Guarantor and the prohibition to use the data collected and processed by agents present on the national territory (called “procurers”) in total disregard of the rules on data protection. ”
Wind Tre S.p.A.’s defence statements were not convincing enough for the Italian DPA who fined it with approximately €17 Million Euro for GDPR violations and banned it from processing data without users consent and from disturbing them with marketing communications.
Sovy’s GDPR Essentials can help you meet the requirements of the GDPR:
- Walk through a data mapping exercise and build your data inventory.
- Train your employees with industry-standard eLearning courses.
- Maintain your compliance program in the cloud
- Manage cookie consent and data rights