Web Hosting Firm Slapped With $10 Million GDPR Fine
The German Federal Commissioner for Data Protection and Freedom of Information has imposed a $10.64 million fine on a German telecoms provider, claiming it had not taken sufficient technical and organizational measures to prevent malicious actors and unauthorized persons from gaining access to customer information. The company, 1&1 GmbH, was fined under Article 32 of GDPR, which states that a certain level of security should be implemented to address the risks that are presented by storing and processing consumer information.
Last year, an investigation commenced after 1&1 gave a customer’s mobile phone number to a former life partner through a customer service helpline. The BfDI claims this showed insufficient access control over personal data, and opened an investigation. 1&1 Telecom GmbH has stated it is in the process of introducing a new authentication procedure which greatly improves the company’s data protection and technology procedures.