Details:
| Summary | The Spanish DPA (AEPD) imposed a fine of EUR 5,000 on IDFINANCE Spain S.L.. A person had received a debt collection email from IDFinance that contained a link for the payment of an invoice directly through the controller’s website. Via the link, the person was able to view the personal data of another customer. The original fine of EUR 5,000 was reduced to EUR 3,000 due to immediate payment and admission of responsibility. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR |
| Type: | Insufficient technical and organisational measures to ensure information security |
| Fine: | EUR 3,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/