Skip to content
Enforcement
EN

REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L.: Insufficient technical and organisational measures to ensure information security

€1,380,000 fine - Spanish Data Protection Authority (aepd)

€1,380,000 Fine
REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L.
SPAIN
Insufficient technical and organisational measures to ensure information security

Content

The Spanish DPA imposed a fine of EUR 1,380,000 on REPSOL COMERCIALIZADORA DE ELECTRICIDAD Y GAS, S.L. The controller used outdated technical and organisational measures to manage customer contracts. This resulted in an individual receiving energy bills, without having a contract with the controller. The size of the controller, a multinational company, and the large amount of personal data being processed, were seen as aggravating factors.

GDPR Articles: Art. 5 (1) d) GDPR, Art. 32 GDPR
Industry: Transportation and Energy