Vodafone GmbH – €45,000,000 Fine (Germany, 2024)

€45,000,000Bundesbeauftragter für den Datenschutz1 January 2024Germany
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone GmbH was fined €45 million for failing to supervise a third-party agency that handled customer data. This failure led to fraud against its customers, showing how important it is for companies to manage their partners carefully. The ruling emphasizes the need for strong security measures to protect personal information.

What happened

Vodafone GmbH was fined for not properly supervising a third-party agency that defrauded its customers.

Who was affected

Vodafone's customers whose personal data was compromised were affected.

What the authority found

The data protection authority found that Vodafone did not implement sufficient measures to protect customer data, violating GDPR requirements.

Why this matters

This ruling highlights the responsibility companies have to ensure their partners protect customer data. Businesses should review their vendor management practices to avoid similar issues.

GDPR Articles Cited

AI-verified

Art. 28(1) GDPR
View original scraped data
Art. 28(1) GDPR

Original data from scraper before AI verification against source document.

Source verified 4 March 2026
date discrepancy
Germany enforcementBundesbeauftragter für den Datenschutz actionsAll Vodafone GmbH actions
Full Legal Summary
Detailed

The Federal Commissioner for Data Protection and Freedom of Information (BfDI) has imposed a fine of EUR 45,000,000 on Vodafone GmbH. The controller failed to properly supervise a third agency, which the controller used as a data processor. This resulted in employees of the third agency defrauding the controller's customers. The controller also failed to implement sufficient technical and organizational measures during an authentication process, which created the risk of third parties gaining access to customers' personal data. The BfDI emphasized the good cooperation with the controller throughout the process.

Related Enforcement Actions (0)

No other enforcement actions found for Vodafone GmbH in DE

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 January 2024

Authority

Bundesbeauftragter für den Datenschutz

Fine Amount

€45,000,000

Enforcement Tracker ID

ETid-2646

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone GmbH - Germany (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: