Vodafone Spain fined more than 8 million euros for the RGPD and two infractions of national laws
Case summary: From April 2018 to September 2019, 191 complaints were received for similar cases concerning telephone calls and SMS messages to citizens who had opposed the processing of their data for advertising. In September 2019, a face-to-face inspection was carried out at the headquarters of “Vodafone España, S.A.U.” detecting the absence of continuous monitoring to processor and the lack of organizational and technical means to carry out the commission by the entrusted treatments (art. 28), especially on the ability to avoid advertising actions to those citizens who had exercised their rights of opposition or erasure of their personal data. An international data transfer (Article 44) to third country (Republic of Peru) was also detected from where the processors carried out advertising actions on behalf of the entity responsible for the processing (Vodafone España, S.A.,U.).
It should be added that the supervisory authority, based on its national competences, sanctioned two other penalties relating to two related national laws (General Telecommunications Law and Electronic Commerce Law) with fines of 2,000,000 € and 150,000 €, respectively.
For further information, please contact the Spanish DPA: prensa@aepd.es
