UST GLOBAL ESPAÑA, S.A.

€3,000

Non-compliance with general data processing principles

Ημερομηνία απόφασης

27 Ιουλίου 2021

Αρχή

Spanish Data Protection Authority (aepd)

Τομέας

Employment

Χώρα

Νόμος

GDPR

Κατάσταση

FINAL

Περιγραφή

The Spanish DPA (AEPD) has imposed a fine of EUR 3,000 on UST GLOBAL ESPAÑA, S.A.. An employee filed a complaint against the controller with the DPA. UST GLOBAL ESPAÑA, S.A. was acting as a service provider for OpenBank as part of a project. On 08.01.2020, the controller informed OpenBank by email that two new employees (one of them the complainant) would join the project, for which it requested access to the VPN and other applications. This email, which was sent with a copy to both employees, included their first and last names, professional email addresses, and ID card numbers. This way, both gained mutual unauthorized access to their colleague's data. The DPA considered this to be a violation of the principle of integrity and confidentiality.