Skip to content
Enforcement
EN

CAJA RURAL DE ARAGÓN, S.C.C.: Non-compliance with general data processing principles

€12,000 fine - Spanish Data Protection Authority (aepd)

€12,000 Fine
CAJA RURAL DE ARAGÓN, S.C.C.
SPAIN
Non-compliance with general data processing principles

Content

The Spanish DPA has imposed a fine on CAJA RURAL DE ARAGÓN, S.C.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 15,000 was reduced to EUR 12,000 due to voluntary payment.

GDPR Articles: Art. 5 (1) f) GDPR
Industry: Finance, Insurance and Consulting