French Telecom Operator Pays the GDPR Fine

The French Data Protection Authority (the “CNIL”) was not in a festive mood when right after Christmas, on the 27th of December, announced and imposed the fine of €250,000 to French telecom operator Bouygues Telecom after they failed to protect their customers‘ personal data.

Personal data of customers was compromised when due to the security vulnerability and the human mistake. According to the Lexology,  the computer code, which requires user authentication on the company’s website, had been deactivated during a test phase but not re-activated once the tests were completed. Documents containing customers’ personal data were accessible for anyone. The company quickly blocked the data from improper access, but it took 4 days for  Bouygues Telecom notice, identify and report the infringement.

LEARNING TIP:  Human error causes 4 out of 5 data breaches (in UK). Lack of training,  unclear responsibilities or improdence, can give rise to error (confidential data emailed to the incorrect recipient, loss or theft of paperwork, data left in an insecure location and others). In order to avoid possible human errors, clear directions should be given to each employee about their responsibilities. Also, training should take a place after addapting new technical or organizational security measure. Emploees must be well informed how to recognise a threat and what to do in case of an accident.

Read more about the most common causes of data breaches.

Share on facebook
Share on linkedin
Share on twitter
Share on pinterest
Share on print
Share on email

Latest Blog Posts