UST GLOBAL ESPAÑA, S.A.

€3,000

Non-compliance with general data processing principles

Päätöspäivä

27. heinäkuuta 2021

Viranomainen

Spanish Data Protection Authority (aepd)

Ala

Employment

Maa

Laki

GDPR

Tila

FINAL

Kuvaus

The Spanish DPA (AEPD) has imposed a fine of EUR 3,000 on UST GLOBAL ESPAÑA, S.A.. An employee filed a complaint against the controller with the DPA. UST GLOBAL ESPAÑA, S.A. was acting as a service provider for OpenBank as part of a project. On 08.01.2020, the controller informed OpenBank by email that two new employees (one of them the complainant) would join the project, for which it requested access to the VPN and other applications. This email, which was sent with a copy to both employees, included their first and last names, professional email addresses, and ID card numbers. This way, both gained mutual unauthorized access to their colleague's data. The DPA considered this to be a violation of the principle of integrity and confidentiality.