I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U.
€3,500,000
Non-compliance with general data processing principles
Ημερομηνία απόφασης
5 Φεβρουαρίου 2024
Αρχή
Spanish Data Protection Authority (aepd)
ES
Τομέας
Transportation and Energy
Χώρα
ES
Νόμος
GDPRΚατάσταση
FINALΠεριγραφή
The Spanish DPA has imposed a fine of EUR 3.5 million on I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. The controller had suffered a cyber attack on its GEA web application resulting in the compromise of personal data of millions of customers. During its investigation, the DPA found that Iberdrola had not taken sufficient security measures to prevent the attack.
Νομικές παραπομπές
Art. 5 (1)Art. 32
Θέματα & Παραβάσεις
Non-compliance with general data processing principles