Skip to content
Enforcement
EN

ORANGE BANK, S.A. SUCURSAL EN ESPAÑA: Insufficient technical and organisational measures to ensure information security

€200,000 fine - Spanish Data Protection Authority (aepd)

€200,000 Fine
ORANGE BANK, S.A. SUCURSAL EN ESPAÑA
SPAIN
Insufficient technical and organisational measures to ensure information security

Content

The Spanish DPA (AEPD) has imposed a fine of EUR 200,000 on ORANGE BANK, S.A. SUCURSAL EN ESPAÑA. The AEPD reacted to multiple complaints of private individuals regarding a data leak. ORANGE BANK (the controller) used a data processor for the processing of personal data. ORANGE BANK was unable to ensure that necessary technical and organizational measures had been taken, resulting in the infringement of Art. 5 (1) f) GDPR. Additionally, the AEPD decided that the present infringement is particularly serious, due to the fact, that ORANGE BANK processes large amounts of data resulting in an increased demand towards the internal processes regarding data protection and security. Lastly the AEPD ordered ORANGE BANK to bring their processes into compliance with the GDPR within 6 months after the decision becomes final and enforceable.

GDPR Articles: Art. 5 (1) f) GDPR
Industry: Finance, Insurance and Consulting