Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Italy: Garante fines Cribis Credit Management €10,000 for violating basic data protection principles
The Italian data protection authority ('Garante') issued, on 9 June 2022, its decision in Case No. 215, in which it imposed a fine of €10,000 on Cribis Credit Management s.r.l., for violation of Articles 5(1)(a), 5(1)(c), and 6 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following a complaint submitted by an individual.
Background to the case
In particular, the Garante reported that the complainant had lamented a breach of the GDPR by Cribis Credit Management, which, in the interest of Sky Italia S.r.l., had sent multiple emails, concerning the payment of an invoice relating to the termination for default of the complainant's Sky subscription, to the company email address of a third party, specifically an employee of the company for which the complainant acts as representative.
Findings of the Garante
Further to the above and based on the elements acquired in the course of the investigation, the Garante found that Cribis Credit Management, given impossibility to contact the complainant by phone, had used an email address found online to contact the complainant, believing that the same belonged to the actual debtor, rather than to a third party. In light of the established facts, the Garante held that Cribis Credit Management had violated Articles 5(1)(a), 5(1)(c), and 6 of the GDPR.
Subsequently, the Garante, based on the nature of the violations occurred, imposed an administrative fine on Cribis Credit Management, and in quantifying the same, it took into account, among other factors, the degree of liability of Cribis Credit Management, for failing to comply with data protection rules, despite clear guidance to debt collection operators issued by the Garante since 2005.
Outcomes
In conclusion, the Garante imposed the aforementioned fine and ordered the publication of the decision on its website as an ancillary sanction. Lastly, the Garante highlighted that Cribis Credit Management may lodge an appeal before the ordinary judicial authority within 30 days.
You can read the decision, only available in Italian, here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
