Vodafone Spain falls foul of GDPR regs (again)

Oops, we did it again.

Vodafone Spain found itself back in the dock for breaching the European Union's (EU) General Data Protection Regulation (GDPR), which is designed to "protect and empower all EU citizen's data privacy."

Small bills: It's groundhog day for Vodafone Spain with yet another GDPR fine. (Souce: Portuguese Gravity on Unsplash)
Small bills: It's groundhog day for Vodafone Spain with yet another GDPR fine.
(Souce: Portuguese Gravity on Unsplash)

La Agencia Española de Protección de Datos (AEPD), Spain's data protection agency, slapped the operator with a €75,000 (US$88,000) fine for what it called an unlawful processing of a customer's personal data.

According to AEPD, a former Vodafone customer continued to receive marketing messages via SMS after having asked the operator to delete personal data from the company's database.

One of the provisions of GDPR is that EU citizens have the right to be "forgotten," which means scrubbing personal data from databases upon request.

According to Vodafone, the whole episode is nothing more than an unfortunate mix-up.The customer's number, claimed the operator, had been wrongly used as a "dummy number" by employees and collaborating agents. The reason? Because it was "easy to remember." AEPD has given Vodafone Spain two months to appeal its decision.

Another fine mess
This is not the first time that Vodafone Spain has been in bother for flouting GDPR regs. In a recent listing by Skillcast, logging the biggest GDPR fines for breaches in 2020, the operator came in sixth.

Want to know more about 5G? Check out our dedicated 5G content channel here on
Light Reading.

In February 2020, AEPD handed out fines to Vodafone Spain, totaling €302,000 ($356,000), after various GDPR violations.Top brass at the Spanish operator might console themselves in that they have gfot off fairly of in the fines department when compared with Telecom Italia (TIM), which occupies the unenviable number one position on the Skillcast ranking.

In February, Italian data protection regulator Garante slammed TIM with a €27.8 million fine after receiving "hundreds of complaints" from disgruntled customers unhappy about slap-dash treatment of their personal data.

Under GDPR regs, which came into force in May 2018, companies can be fined up to 4% of annual turnover, or €20 million ($23.6 million) – whichever is the higher – for non-compliance.

Related posts:

— Ken Wieland, contributing editor, special to Light Reading

Be the first to post a comment regarding this story.
Sign In