Home

Some companies that have chosen us

Privacy Officer and Privacy Consultant
CDP Scheme according to ISO/IEC 17024:2012
European Privacy Auditor
ISDP©10003 Certification Scheme according to ISO/IEC 17065:2012
Auditor
According to standard UNI 11697:2017
Lead Auditor ISO/IEC 27001:2022
According to standard ISO/IEC 17024:2012
Data Protection Officer
According to standard ISO/IEC 17024:2012
Anti-Bribery Lead Auditor Expert
According to standard ISO/IEC 17024:2012
ICT Security Manager
According to standard UNI 11506:2017
IT Service Management (ITSM)
According to the ITIL Foundation
Ethical Hacker (CEH)
According to the EC-Council
Network Defender (CND)
According to the EC-Council
Computer Hacking Forensics Investigator (CHFI)
According to the EC-Council
Penetration Testing Professional (CPENT)
According to the EC-Council

Professional qualifications

Stay up-to-date with world news!

Select your topics of interest:

News

Home / News
/
ITALIAN SUPERVISORY AUTHORITY: the Authority sanctions Iren with a fine of 3.000.000 EUR

ITALIAN SUPERVISORY AUTHORITY: the Authority sanctions Iren with a fine of 3.000.000 EUR

The consent shall be acquired for each step of data among more data controllers.

The consent, initially issued by a client to a society also for thirds promotional activities, shall not extend its effectiveness also to subsequent supplies to other data controllers. Those supplies will not be supported by the specific and informed consent of the data subject.

Based on this principle, the Italian Data Protection Authority has sanctioned fine a with of 3.000.000 EUR Iren Mercato S.p.A., which is a society that is working in the energetic sector, for not having verified that all the step of recipient’s of promotions data where covered by the consent. After different complaints and reports the Authority has investigated on the society and discovered that it has processed personal data for telemarketing activities, that has not directly recollected, but that it has acquired from other sources. Iren has obtained personal lists by a S.r.L, that in its turn, has acquired, as a independent data controller, by other two companies. Those last companies have obtained the consent of potential clients for the telemarketing carried out by theirs and third parties, but this consent does not cover the passage of those data from the S.r.l. to Iren.

The amount of the sanction applied by the Authority has been motivated also by the fact that personal list, without all the necessary consent and of which the Authority has prohibited the usage for promotional purposes, refer to million different people. The Authority has also made a warn to the society for having provided a representation and an incomplete documentary evidence during the investigation.

SOURCE: AUTORITA’ PER LA PROTEZIONE DEI DATI DELL’ITALIA – GPDP

Recommended to you

Advanced Research