Owner of a Law Firm

€600

Insufficient technical and organisational measures to ensure information security

Decision Date

3 de abril de 2025

Authority

Spanish Data Protection Authority (aepd)

ES

Sector

Finance, Insurance and Consulting

Country

ES

Law

GDPR

Status

FINAL

Description

The Spanish DPA imposed a fine on the owner of a law firm. The controller disclosed personal information in an external email because they did not implement sufficient technical and organizational measures. The original fine of EUR 1,000 was reduced to EUR 600 due to immediate payment and admission of responsibility by the controller.

Legal Citations

Art. 5 (1)

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Romanian National Supervisory Authority for Person...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.