Telecommunications Operator – €1,020 Fine (Bulgaria, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Bulgarian telecom company was fined for processing a service change request that a customer never made. This happened because the company didn't have strong enough security measures. The case shows why it's crucial for companies to protect customer data and verify requests before acting on them.
What happened
A telecommunications operator processed a provider change application for someone who did not request it.
Who was affected
An individual who was mistakenly processed for a service change they did not apply for.
What the authority found
The Bulgarian DPA found that the telecom operator lacked sufficient security measures, violating GDPR's principles of data processing and security.
Why this matters
This case serves as a reminder for businesses to implement robust security checks to prevent unauthorized changes to customer accounts. It highlights the importance of verifying requests to avoid mishandling personal data.
GDPR Articles Cited
The Bulgarian DPA has imposed a fine of EUR 1,020 on a telecommunications operator. The controller did not implement sufficient technical and organisational measures to ensure data security, resulting in an application for a provider change being processed for an individual who did not apply for one.
Related Enforcement Actions (0)
No other enforcement actions found for Telecommunications Operator in BG
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
17 January 2023
Authority
Commission for Personal Data Protection
Fine Amount
€1,020
Enforcement Tracker ID
ETid-2883
About this data
Cite as: Cookie Fines. Telecommunications Operator - Bulgaria (2023). Retrieved from cookiefines.eu
Last updated: