CENTROS COMERCIALES CARREFOUR, S.A.
€3,200,000
Insufficient technical and organisational measures to ensure information security
決定日期
2025年3月14日
權限
Spanish Data Protection Authority (aepd)
ES
部門
Industry and Commerce
國家
ES
法律
GDPR狀態
FINAL說明
The Spanish DPA imposed a fine of EUR 3,200,000 on CENTROS COMERCIALES CARREFOUR, S.A. The controller suffered a cyberattack, resulting in the leak of a large amount of personal data. The controller failed to implement sufficient technical and organizational measures to ensure data security. Additionally, the notification of the data subjects in regards to the data breach was insufficient.
法律引文
Art. 5 (1)Art. 32Art. 34
問題與違規
Insufficient technical and organisational measures to ensure information security