Italy
Flamel S.r.l.
15,000 €
GDPR enforcement action by Italian Data Protection Authority (Garante) on 2026-02-26.
Rank · Sector
#194
of 597 in Industry and Commerce
Rank · Italy
#240
of 543
Rank · All fines
#1,226
of 3,051
Case details
- Authority
- Italian Data Protection Authority (Garante)
- Date
- 2026-02-26
- Controller / Processor
- Flamel S.r.l.
- Sector
- Industry and Commerce
- Quoted Articles
- Art. 8 GDPR, Art. 11 GDPR, Art. 25 GDPR, Art. 39 GDPR, Art. 42 GDPR, Art. 43 GDPR
- Type of violation
- Non-compliance with general data processing principles
Summary
The Italian DPA has imposed a fine of EUR 15,000 on Flamel S.r.l. The controller had been active in direct marketing activities involving robocalls followed up with telesales. Although Flamel S.r.l. had been a controller in substance, it acted as a data processor. Consequently, the controller failed to fulfil its duties as a data controller, resulting in an unlawfully organised processing chain. Furthermore, the controller could not simply rely on a contractual assurance regarding the consent of data subjects.
Open original source
Links to the regulator's original publication or another source.
Related fines
Italy
2024-02-08
79,100,000 €
ETid-2306
Enel Energia SpA
Transportation and Energy
Italy
2026-03-26
31,800,000 €
ETid-3162
Intesa Sanpaolo S.p.A.
Finance, Insurance and Consulting
Italy
2020-01-15
27,800,000 €
ETid-189
TIM (telecommunications operator)
Media, Telecoms and Broadcasting
Italy
2022-02-10
20,000,000 €
ETid-1098
Clearview Al Inc.
Industry and Commerce
Italy
2020-07-13
16,700,000 €
ETid-336
Wind Tre S.p.A.
Media, Telecoms and Broadcasting
Italy
2024-11-02
15,000,000 €
ETid-2497
OpenAI OpCo LLC
Media, Telecoms and Broadcasting