Details:
| Summary | The Spanish DPA has imposed a fine of EUR 3,000 on ESTUDIOS EUROPEOS DE POSTGRADO Y EMPRESA, S.L.. An employee had filed a complaint with the DPA. The employee stated that she had been given access to a company email account when she was hired. However, upon accessing the account, she discovered that the email account was not actually her account, but rather the email account of another employee. Thus, she was able to access all emails sent and received by the other employee. During its investigation, the DPA determined that the controller had not properly configured the account and had therefore breached its duty to implement appropriate technical and organizational measures to protect personal data. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 32 (1) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 3,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/