CENTROS COMERCIALES CARREFOUR, S.A.
€3,200,000
Insufficient technical and organisational measures to ensure information security
Дата принятия решения
14 марта 2025 г.
Авторитет
Spanish Data Protection Authority (aepd)
ES
Сектор
Industry and Commerce
Страна
ES
Закон
GDPRСтатус
FINALОписание
The Spanish DPA imposed a fine of EUR 3,200,000 on CENTROS COMERCIALES CARREFOUR, S.A. The controller suffered a cyberattack, resulting in the leak of a large amount of personal data. The controller failed to implement sufficient technical and organizational measures to ensure data security. Additionally, the notification of the data subjects in regards to the data breach was insufficient.
Юридические цитаты
Art. 5 (1)Art. 32Art. 34
Проблемы и нарушения
Insufficient technical and organisational measures to ensure information security