Details:
| Summary | The Spanish DPA has imposed a fine against PHARMA TALENTS, S.L.U. A data subject had filed a complaint against the company after he found a database on one of the company’s websites containing personal data about himself and other hundreds of health sector professionals, including email address and telephone number. Both the website and the database were freely accessible. The DPA found that the company had failed to implement adequate technical and organizational measures to ensure a level of security appropriate to the risk to data subjects, since not even a username and password were required to access the database. The original fine of EUR 4,000 was reduced to EUR 2,400 due to voluntary payment and admission of guilt. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR, Art. 32 GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 2,400 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/