Greece
Vodafone – PANAFON A.E.E.T.
550,000 €
GDPR enforcement action by Hellenic Data Protection Authority (HDPA) on 2025-06-25.
Rank · Sector
#62
of 366 in Media, Telecoms and Broadcasting
Rank · Greece
#5
of 93
Rank · All fines
#228
of 3,042
Case details
- Authority
- Hellenic Data Protection Authority (HDPA)
- Date
- 2025-06-25
- Controller / Processor
- Vodafone – PANAFON A.E.E.T.
- Sector
- Media, Telecoms and Broadcasting
- Quoted Articles
- Art. 5 (1) d) GDPR, Art. 28 (1), (3) GDPR,
- Type of violation
- Insufficient technical and organisational measures to ensure information security
Summary
The Greek DPA has imposed a fine of EUR 550,000 on Vodafone – PANAFON A.E.E.T. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in a telecommunications shop being able to wrongfully assign multiple SIM cards to an individual. The controller also failed to use a processor that could guarantee the implementation of sufficient technical and organisational measures, and failed to govern the processing with an adequate data processing agreement.
Open original source
Links to the regulator's original publication or another source.
Related fines
Greece
2022-07-13
20,000,000 €
ETid-1268
Clearview Al Inc.
Industry and Commerce
Greece
2022-01-27
6,000,000 €
ETid-1024
Cosmote Mobile Telecommunications S.A.
Media, Telecoms and Broadcasting
Greece
2022-01-27
3,200,000 €
ETid-1025
OTE Group
Media, Telecoms and Broadcasting
Greece
2024-02-28
2,995,140 €
ETid-2284
Hellenic Post (ΕΛΛΗΝΙΚΑ ΤΑΧΥΔΡΟΜΕΙΑ ΑΝΩΝΥΜΗ ΕΤΑΙΡΕΙΑ)
Transportation and Energy
Greece
2024-05-27
400,000 €
ETid-2556
Ministry of Interior (Greece)
Public Sector and Education
Greece
2023-06-12
210,000 €
ETid-1921
Piraeus Bank
Finance, Insurance and Consulting