Details:

Summary The AEPD found that a third party had access to the name, telephone number and address of another customer.
Link: link
Related articles:  Art. 5 (1) f) GDPR, Art. 32 GDPR
Type: Insufficient technical and organisational measures to ensure information security
Fine: EUR 30,000
Sector Media, Telecoms and Broadcasting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law