Luke Irwin reports:
Edison Energia has been given a €4.9 million fine after breaching several requirements of the GDPR (General Data Protection Regulation). The infringements include:
- The failure to obtain free, specific, informed and documented consent to disclose personal data;
- Sending unsolicited promotional communications; and
- Failing to provide transparent information about data processing activities.
The breaches were discovered after customers reported that they’d received unsolicited phone calls and encountered deficient or inaccurate privacy policies.
They also said that they had been denied the option of exercising their data subject rights, such as accessing the information that Edison Energia stored on them and objecting to the way personal information was processed.
The complaints led to an investigation by Italy’s data protection authority, the Garante, and the subsequent issuing of a fine.
Read more at IT Governance European Blog.