Details:

Summary According to the AEPD, the company had not been able to demonstrate adequate measures to ensure information security, leading to unauthorized access to personal data of a client.
Link: link
Related articles:  Art. 5 (1) f) GDPR, Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 42,000
Sector Media, Telecoms and Broadcasting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law