Penalty against insurance company
An insurance company from Cyprus tried to expand its customer base via telemarketing. Since no phone numbers were available, software was used that randomly generated the phone numbers. Then text messages (SMS) were sent to these numbers in the hope that they were also assigned to a connection.
A total of eight contacted persons complained to the local supervisory authority, and an investigation was therefore initiated. In the proceedings, the company justified its approach. Since the telephone numbers were generated at random, they were not personal data.
The supervisory authority negated the insurance company’s view and sentenced it to a fine of €4,000 for unlawful data processing. In this context, it was clarified that randomly generated data sets are also considered personal data, as in this case the connection owner can be clearly identified. In this context, the definition from paragraph 4 of the General Data Protection Regulation must be observed.
Are you unsure whether your company processes personal data in a legally compliant manner or do you want to ensure that the existing data has been collected in a legally compliant manner? Then we recommend easyGDPR lite. With this easy-to-use DSGVO software, you solve all the requirements of the General Data Protection Regulation with little effort. Visit our online store today and purchase your license of easyGDPR.
Entscheidungsdatum:
13.03.2019
Land:
Cyprus
Art des Verstoßes:
Illegal data processing
Betroffene Datensätze:
8
Waren sensible Daten betroffen?:
No
verhängte Geldstrafe:
€ 4,000,-
Violation of GDPR Paragraph:
6. Lawfulness of processing
Quelle:
Decision of the Cyprus Data Protection Authority (Cypriot)