Details:
| Summary | The Spanish DPA has imposed a fine of EUR 25,000 on CaixaBank, S.A.. An individual had filed a complaint with the DPA due to the fact that when they requested information from the controller, they received information from a third party and not the requested information. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data. |
| Link: | link |
| Related articles: | Art. 32 (1) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 25,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/