Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD fines Vodafone €48,000 for GDPR violations

The Spanish data protection authority ('AEPD') issued, on 28 February 2020, a resolution ('the Resolution') in proceedings PS/00212/2019, fining Vodafone ONO, S.A.U. €48,000 for violations of Article 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the AEPD held that Vodafone’s negligent unintentional action in assigning two individuals the same security access code resulted in violations against Article 32 of the GDPR in failing to implement appropriate technical and organisational measures to ensure a level of security appropriate to the risk. In addition, the Resolution notes that aggravating factors included, negligent unintentional action related to significant data that allow the identification of a person and the involvement of basic personal identifiers.

You can read the Resolution, only available in Spanish, here.