The importance of being aware when acting in a commercial world

Abstract

The Italian SA (Garante per la protezione dei dati personali) fined Enel Energia (‘EE’) over EUR 26.5 million on account of unlawfully processing users’ personal data for telemarketing purposes. The Authority also imposed EE to implement several corrective measures to bring its processing activities into compliance with EU and domestic data protection law. At the core of this impressive decision lies the heavy blame on a big market player such as EE for not having seriously taken and honoured the principle of accountability set forth by the combined provisions of art. 5, par. 2 and 24, GDPR 1 . As it results from the explanations given by the Authority for its enforcement provisions, the accountability required from a big player of the market towards the data subjects/consumers is at the highest level. Under the new GDPR, a data controller must adopt proper means to (i) observe the legal obligation of being constantly aware of the respect of the fundamental rights of natural persons due to data subject/consumers, and (ii) demonstrate such awareness at any time. Companies