Details:
| Summary | The Belgian DPA fined a mobile operator EUR 25,000. The controller had assigned the data subject’s phone number to an unauthorized third party, causing the data subject to lose access to his/her phone number. As the SIM card of the data subject had been deactivated, that would have allowed the third party to access various personal data of the data subject in the period between September 16 and September 19, 2019, such as call history and accounts of various services (e.g. Paypal, WhatsApp and Facebook) associated with the number. |
| Link: | link |
| Related articles: | Art. 5 (1) f), (2) GDPR, Art. 24 GDPR, Art. 32 GDPR, Art. 33 (1), (5) GDPR, Art. 34 (1) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 25,000 |
| Sector | Media, Telecoms and Broadcasting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/