Fine against insurance company
An insurance company from Cyprus tried to expand its customer base via telemarketing. Since they had no telephone numbers, software was used, which randomly generated telephone numbers. The company sent text messages (sms) to these telephone numbers.
A total of eight people complained at the local data protection authority, so a investigation was initiated. In the process, the company justified its approach. Since the phone numbers were randomly generated, they are not personal data.
The regulator denied the insurance company’s view and fined it € 4,000 for illegal data processing. It was clarified that also randomly generated data sets are considered as personal data, as in this case the subscriber can be clearly identified.
You are unsure your company processes personal data legally or wants to ensure that the existing data has been collected legally compliant? Then we recommend easyGDPR lite. With this easy-to-use GDPR-software you solve all the requirements of the General Data Protection Regulation with little effort. Visit our shop today and purchase your license.
Type of Issue:
Illegal data processing
Number of involved data records:
Special category of data involved:
Violation of GDPR Paragraph:
6. Lawfulness of processing