Italy’s Data Protection Authority, the Garante, on 10 March fined five companies in excess of 11 million euros for the unlawful processing of personal data.
The data breach was discovered in the context of a broader financial police (Guardia di Financia) investigation into money laundering by a multinational company, Sigue Global Service Limited, and four other organisations. The Garante says that the companies attributed money transfers to China to more than a thousand customers whose personal data was used illegally.
Rocco Panetta, Equity Partner at NCTM Law Firm and Secretary General of ICF Italian Compliance Forum, writes: ‘As a result, the Garante issued five remarkable sanctions for the violations of data protection provisions (in particular the lack of consent ex art. 23 of Ital’s Privacy Code), respectively 5,880,000 euros for the multinational company and 1,590,000, 1,430,000, 1,260,000 and 850,000 euros for the other companies.’
‘These sanctions are the highest ever issued by a DPA in Europe.’
See the DPA’s press release (in Italian) at http://www.garanteprivacy.it/web/guest/home/docweb/-/docweb-display/docweb/6072330