The Federal Commissioner for Data Protection has imposed fines totalling €45 million on Vodafone GmbH. The reasons for this were inadequate controls of partner agencies, fraudulent contracts and serious security breaches in customer authentication, which allowed unauthorised third parties to access eSIM data, among other things.
Vodafone subsequently modernised its systems, reassessed its partner agencies and revised its data protection processes. The BfDI praised the company’s cooperation and transparency during the proceedings.
The Federal Commissioner’s message is clear: investing in IT security and data protection not only protects customer data, but also trust in digital services. Careful GDPR checks of service providers and partners can minimise significant risks at an early stage. We are happy to support you in this.