Italian DPA fines Edison Energia $5.2M over GDPR lapses

Energy company

The Italian data protection authority took action against electric utility company Edison Energia for multiple alleged violations of the General Data Protection Regulation (GDPR) regarding marketing communications and data processing transparency.

Garante announced Feb. 21 it fined Edison 4.9 million euros (then-U.S. $5.2 million) back in December after receiving multiple complaints from individuals of unwanted communications on behalf of the company. The regulator notified Edison of its investigation in May, and the company disputed the claims in June.

In addition to the penalty assessed, Garante is requiring Edison to adopt suitable procedures aimed at verifying compliant processing of personal data regarding promotional activities and enhance its customer consent procedures. The company was given 45 days to notify the regulator of progress made.

lock iconTHIS IS MEMBERS-ONLY CONTENT. To continue reading, choose one of the options below.