UST GLOBAL ESPAÑA, S.A.

Опис

The Spanish DPA (AEPD) has imposed a fine of EUR 3,000 on UST GLOBAL ESPAÑA, S.A.. An employee filed a complaint against the controller with the DPA. UST GLOBAL ESPAÑA, S.A. was acting as a service provider for OpenBank as part of a project. On 08.01.2020, the controller informed OpenBank by email that two new employees (one of them the complainant) would join the project, for which it requested access to the VPN and other applications. This email, which was sent with a copy to both employees, included their first and last names, professional email addresses, and ID card numbers. This way, both gained mutual unauthorized access to their colleague's data. The DPA considered this to be a violation of the principle of integrity and confidentiality.