BAYARD REVISTAS, S.A.

€31,200

Insufficient technical and organisational measures to ensure information security

Decision Date

28 de setembro de 2022

Authority

Spanish Data Protection Authority (aepd)

ES

Sector

Media, Telecoms and Broadcasting

Country

ES

Law

GDPR

Status

FINAL

Description

The Spanish DPA has imposed a fine on Bayard Revistas S.A.. Unauthorized persons had accessed the Bayard database and thus unauthorizedly siphoned off location and contact data of users of the database. Approximately 470,000 users were affected by the incident. The DPA's investigation determined that a vulnerability in the controller's systems allowed the incident to occur. The original fine of EUR 52,000 was reduced to EUR 31,200 due to voluntary payment and admission of guilt.

Legal Citations

Art. 5 (1)Art. 32Art. 33

Issues & Violations

Insufficient technical and organisational measures to ensure information security
View Official Document
Back to Fines Database
Previous Fine
Spanish Data Protection Authority (aepd) - CLUB NA...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.