Skip to content
Enforcement
EN

IDFINANCE Spain, S.L.: Insufficient technical and organisational measures to ensure information security

€3,000 fine - Spanish Data Protection Authority (aepd)

€3,000 Fine
IDFINANCE Spain, S.L.
SPAIN
Insufficient technical and organisational measures to ensure information security

Content

The Spanish DPA (AEPD) imposed a fine of EUR 5,000 on IDFINANCE Spain S.L.. A person had received a debt collection email from IDFinance that contained a link for the payment of an invoice directly through the controller's website. Via the link, the person was able to view the personal data of another customer. The original fine of EUR 5,000 was reduced to EUR 3,000 due to immediate payment and admission of responsibility.

GDPR Articles: Art. 5 (1) f) GDPR
Industry: Finance, Insurance and Consulting