Enforcement
EN CaixaBank, S.A.: Insufficient technical and organisational measures to ensure information security
€25,000 fine - Spanish Data Protection Authority (aepd)
Content
The Spanish DPA has imposed a fine of EUR 25,000 on CaixaBank, S.A.. An individual had filed a complaint with the DPA due to the fact that when they requested information from the controller, they received information from a third party and not the requested information. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data.
GDPR Articles: Art. 32 (1) GDPR
Industry: Finance, Insurance and Consulting