Vodafone – PANAFON A.E.E.T. – €550,000 Fine (Greece, 2025)

€550,000Hellenic Data Protection Authority25 June 2025Greece
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Vodafone – PANAFON A.E.E.T. received a EUR 550,000 fine from the Hellenic Data Protection Authority for failing to secure customer data. This case is significant because it shows that large companies must also be held accountable for data protection failures.

What happened

Vodafone did not implement proper security measures, allowing a telecommunications shop to wrongly assign multiple SIM cards to one person.

Who was affected

Customers whose SIM cards were improperly assigned were affected.

What the authority found

The authority found that Vodafone failed to ensure adequate security and did not have a proper agreement with its data processor.

Why this matters

This ruling serves as a warning to large companies that they must enforce strict data protection practices to safeguard customer information.

GDPR Articles Cited

AI-verified

Art. 5(1)(d) GDPR
Art. 28(1) GDPR
View original scraped data
Art. 5(1)(d) GDPR
Art. 28(1) GDPR
(3) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
verified correct
Greece enforcementHellenic Data Protection Authority actionsAll Vodafone – PANAFON A.E.E.T. actions
Full Legal Summary
Detailed

The Greek DPA has imposed a fine of EUR 550,000 on Vodafone – PANAFON A.E.E.T. The controller failed to implement sufficient technical and organisational measures to ensure data security, resulting in a telecommunications shop being able to wrongfully assign multiple SIM cards to an individual. The controller also failed to use a processor that could guarantee the implementation of sufficient technical and organisational measures, and failed to govern the processing with an adequate data processing agreement.

Related Enforcement Actions (1)

Other enforcement actions involving Vodafone – PANAFON A.E.E.T. in GR

Current
Jun 2025

Fine

€550K

Fine
Feb 2026· Hellenic Data Protection Authority

The Greek DPA has imposed a fine of EUR 30,000 on Vodafone – PANAFON A.E.E.T. The controller failed to handle a data subject's requests to exercise he...

€30K

Details

Fine Date

25 June 2025

Authority

Hellenic Data Protection Authority

Fine Amount

€550,000

Enforcement Tracker ID

ETid-2878

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Vodafone – PANAFON A.E.E.T. - Greece (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: