An appeals court in Bonn, Germany has drastically reduced a fine levied against 1&1 Telecom for failure to protect consumer data in a rare victory for business against the GDPR.
The court said 1&1 Telecom should pay €900,000 ($1 million) instead of the €9.6 million euros ($11.3 million) originally meted out by Germany’s Federal Commissioner for Data Protection and Freedom of Information (BfDI), according to a report in Bank Info Security.
BfDI had charged that anyone contacting the firm's call center could retrieve customer information by providing their name and date of birth, the report continues.
The court said that the company’s fault was “minor,” it adds.
The ruling proves that GDPR penalties can be successfully appealed in court.