Global Business Travel Spain SLU
€5,000
Insufficient technical and organisational measures to ensure information security
Ngày ra quyết định
10 tháng 7, 2020
Thẩm quyền
Spanish Data Protection Authority (aepd)
ES
Ngành
Transportation and Energy
Quốc gia
ES
Luật
GDPRTrạng thái
FINALMô tả
The fine was preceded by an employee's access to health data of a person concerned. In the course of its investigations, the Data Protection Authority found that Global Business Travel Spain, as data controller, had infringed Article 32(2) and (4) of the GDPR by failing to take adequate technical and organisational measures to protect the data from unauthorised disclosure.
Trích dẫn pháp lý
Art. 32
Vấn đề & Vi phạm
Insufficient technical and organisational measures to ensure information security