Enforcement
EN IBERDROLA, S.A.: Non-compliance with general data processing principles
€3,000,000 fine - Spanish Data Protection Authority (aepd)
Content
The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.
GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Industry: Transportation and Energy