Belgium

Unknown

25,000 €

GDPR enforcement action by Belgian Data Protection Authority (APD) on 2021-01-22.

Rank · Sector
#268 of 369 in Media, Telecoms and Broadcasting
Rank · Belgium
#18 of 50
Rank · All fines
#951 of 3,050

Case details

Authority
Belgian Data Protection Authority (APD)
Date
2021-01-22
Controller / Processor
Unknown
Sector
Media, Telecoms and Broadcasting
Quoted Articles
Art. 5 (1) f), (2) GDPR, Art. 24 GDPR, Art. 32 GDPR, Art. 33 (1), (5) GDPR, Art. 34 (1) GDPR
Type of violation
Insufficient technical and organisational measures to ensure information security

Summary

The Belgian DPA fined a mobile operator EUR 25,000. The controller had assigned the data subject's phone number to an unauthorized third party, causing the data subject to lose access to the number. With the data subject's SIM card deactivated, the third party would have been able to access various personal data of the data subject between September 16 and September 19, 2019, such as call history and accounts for various services (e.g. PayPal, WhatsApp and Facebook) associated with the number.
