On May 21, 2024, the Italian data protection authority (Garante) published its decision in Case No. 204 as issued on April 11, 2024, in which it imposed a fine of €100,000 on Olimpia Srl (Olimpia) for violations of the General Data Protection Regulation (GDPR) following complaints.

Background to the decision

The investigation was carried out by the Garante following 18 reports and two complaints made against Olimpia regarding unwanted promotional calls made without individuals' consent or through using registered numbers on the Do Not Call Registry. Additionally, the Garante also received reports that the company processed personal data belonging to whistleblowers.  

Findings of the Garante

Following its investigation, the Garante determined that Olimpia had violated Articles 5(1)(a), 5(2), 6(1)(a), and 24(1) of the GDPR.

Outcomes

In light of the above, the Garante imposed the abovementioned fine. Additionally, the Garante imposed a prohibition of any further processing of the data of whistleblowers and ordered Olimpia to do the following:

• communicate to interested parties the outcome of the Garante's investigation;

• to prepare adequate controls within its sales network to exclude contracts generated by illicit contacts; and

• to communicate to the Garante, within 30 days of notification, the initiatives undertaken to implement the abovementioned measures.

You can read the newsletter here and the decision here, both only available in Italian.