Enforcement
EN CAIXABANK, S.A.: Insufficient technical and organisational measures to ensure information security
€400,000 fine - Spanish Data Protection Authority (aepd)
Summary
Art. 5 (1) f) GDPR, Art. 25 GDPR · Sector: Finance, Insurance and Consulting · Decided 2026-04-15
Related across sources
News AEPD (Spain) - PS-00020-2025 News The Italian SA fined Poste Vita for data breach Guidance Guidelines 01/2022 on data subject rights - Right of access Guidance Guidelines 8/2022 on identifying a controller or processor's lead supervisory authority Guidance Guidelines 4/2019 on Article 25 Data Protection by Design and by Default Version 2.0 Adopted on 20 October 2020 Guidance Guidelines 01/2021