Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

GDPR fine: Italian DPA issues €3.3M fine to Sky Italia

GDPR fine Italian DPA issues €3.3M fine to Sky Italia

On 19 October 2021, the Italian data protection authority (Garante) published its decision to issue a €3.3 million fine to Sky Italia S.r.l.- a company that provides television and radio broadcasting services, for the violations of the General Data Protection Regulation (GDPR). In particular, violation of:

  • Article 5(1) (2)– Principles relating to processing of personal data,
  • Article 6(1)– Lawfulness of processing
  • Article 7 – Conditions for consent
  • Article 12(2) – Transparent information, communication and modalities for the exercise of the rights of the data subject
  • Article 14 – Information to be provided where personal data have not been obtained from the data subject
  • Article 21 – Right to object
  • Article 28 – Processor
  • Article 29 – Processing under the authority of the controller or processor

What happened?

Following numerous reports and complaints about receiving unsolicited phone calls, made both directly by Sky and through the call centers of other companies, Garante conducted a complex investigation and discovered many critical issues around the Sky Italia telemarketing campaign.

The Garante found out that promotional calls were conducted without providing adequate information to individuals about the processing and without proper consent, using unverified lists acquired from other companies.

Unlike what Sky believed, the consent given by individuals to the third party company that provided the lists did not authorize Sky to use personal data for promotional purposes.

In addition, the Garante determined that Sky had carried out promotional activities without the necessary prerequisite of lawfulness.

Sky also failed to take action on several objections to the processing from data subjects and without a platform or systems that could support the exercise of data subjects’ rights.

How could Sky Italia prevent €3.3M fine?

In order to carry out the telemarketing activity correctly, Sky should have cross-checked their contacts with the blacklist.

If the individual was not on the black list, Sky should have provided the user with all necessary information at the beginning of the phone call,  explaining the origin of the data and, only after obtaining consent, proceed with the commercial proposal.

Also Sky should have a proper system in place for resolving data subject requests.

Garante’s decision

The Garante ordered Sky to cease any processing of personal data in question, to define data processors where appropriate, and to facilitate the exercise of data subject rights, in particular, the right to object to processing.

When determining final value of the fine, Garante took into consideration the seriousness of the violations and the negligent nature of the violation.

Find out how supervisory authorities define and calculate GDPR fines.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top