Skip to content
Enforcement
EN

IBERDROLA, S.A.: Non-compliance with general data processing principles

€3,000,000 fine - Spanish Data Protection Authority (aepd)

€3,000,000 Fine
IBERDROLA, S.A.
SPAIN
Non-compliance with general data processing principles

Content

The Spanish DPA has fined IBERDROLA, S.A. EUR 3 million following a cyberattack on I-DE Redes, which led to the compromise of customer data from millions of individuals. Although the cyberattack targeted the GEA web application of I-DE Redes, Iberdrola, as the entity responsible for managing the group's IT systems and security infrastructure, was found to have failed in implementing sufficient security measures to prevent the incident.

GDPR Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Industry: Transportation and Energy