The Federal Data Protection Commissioner Ulrich Kelber has imposed a heavy fine on the telephone provider 1&1 Telecom. Here is the press release.
The BfDI’s reasoning:
“In the case of 1&1 Telecom GmbH, the BfDI had become aware that callers to the company’s customer service department were able to obtain extensive information on further personal customer data simply by providing the name and date of birth of a customer. In this authentication procedure, the BfDI sees a violation of Article 32 DSGVO, which requires the company to take appropriate technical and organizational measures to systematically protect the processing of personal data.
According to t3n, 1&1 intends to take legal action against this fine notice.
Also interesting: GDPR violations: Fine of 195,000 euros against delivery service
Note: This is a machine translation. It is neither 100% complete or 100% correct. We can therefore not guarantee the result.