Details:

Summary The Spanish DPA has imposed a fine on 4FINANCE SPAIN
FINANCIAL SERVICES, S.A.U.. The controller had suffered a data breach that led to the unlawful access to customer profiles. During its investigation, the DPA found that the controller had failed to take appropriate technical and organizational measures to protect personal data in order to prevent such an incident. The original fine of EUR 600,000 was reduced to EUR 360,000 due to voluntary payment and acknowledgement of responsibility.
Link: link
Related articles:  Art. 5 (1) f) GDPR, Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 360,000
Sector Finance, Insurance and Consulting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law