Enforcement
EN REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L.: Insufficient technical and organisational measures to ensure information security
€1,380,000 fine - Spanish Data Protection Authority (aepd)
Content
The Spanish DPA imposed a fine of EUR 1,380,000 on REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L. The controller used outdated technical and organisational measures to manage customer contracts. This resulted in an individual receiving energy bills, without having a contract with the controller. The size of the controller, a multinational company, and the large amount of personal data being processed, were seen as aggravating factors.
GDPR Articles: Art. 5 (1) d) GDPR, Art. 32 GDPR
Industry: Transportation and Energy