Elpedison – €168,709 Fine (Greece, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Elpedison faced a fine for making unsolicited spam calls through call centers without proper consent. The Hellenic Data Protection Authority found that the company failed to keep an updated list of people who opted out of such calls. This case highlights the importance of respecting user preferences in marketing communications.
What happened
Elpedison was fined for using call centers to make unsolicited spam calls without maintaining an updated opt-out list.
Who was affected
Individuals in Greece who had registered to opt out of unsolicited communications were affected.
What the authority found
The Hellenic Data Protection Authority ruled that Elpedison violated Greek Law by not keeping an accurate register of opt-out requests.
Why this matters
This ruling emphasizes that companies must manage opt-out lists properly to avoid fines. It serves as a reminder for businesses to ensure compliance with marketing regulations.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
National Law Articles
Entities Involved
The Hellenic Data Protection Authority undertook an investigation following numerous complaints regarding unsolicited spam calls originating from companies acting as call centres (hereinafter “processor”) on behalf of ELPEDISON A.E. (hereinafter "controller"), aimed at promoting the controller's products and services. In Greece, individuals have the option to register under Article 11 of Greek Law 3471/2006 (hereinafter "register-list") to opt out of unsolicited communications. During the investigation, complaints that did not meet validity criteria were rejected by the HDPA. The remaining 40 potentially valid complaints were categorised into four categories. Category A: six complaints where the controller acknowledged a violation might had occurred. Category B: three complaints where the controller disputed the occurrence of a violation. Category C: twenty-nine complaints where the controller claimed to had fulfilled its obligation but the processor failed. Therefore, in addition to the controller, the investigation was extended to include five processors. These processors included BEFON (3 complaints), Call Experts (11 complaints), Televise (1 complaint), Zitatel (8 complaints), and Plegma Net (7 complaints). Category D: two complaints that were still under investigation at the time. The controller had failed in many cases to provide a correct, up-to-date register-list on time, pointing out the complex process that involves receiving the register-list from various providers, which it then needs to combine and send to the processors. The processor pointed out that delays in the register-list update were due to the 11 million phone numbers that required reformatting before they could be imported and the long time required to upload them into the relevant systems. Both the controller and its processors blame human and systemic errors, claiming they were isolated incidents and not intentional. The Hellenic DPA found that the controller had breached Article 11 of Gre
Related Enforcement Actions (0)
No other enforcement actions found for Elpedison in GR
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
28 February 2024
Authority
Hellenic Data Protection Authority
Fine Amount
€168,709
GDPRhub ID
gdprhub-7830About this data
Cite as: Cookie Fines. Elpedison - Greece (2024). Retrieved from cookiefines.eu
Last updated: