The Spanish data protection authority, the Agencia Española de Protección de Datos, has fined Madrileña Red de Gas 12,000 euros for alleged violations of the EU General Data Protection Regulation. The agency found the gas company did not have the proper measures in place to validate a data subject’s identity. The individual who filed the complaint alleges the company sent out their information to a third-party via email in response to an inquiry. The DPA lists the criteria it considered for the severity of the penalty in the sanction resolution. (Original article is in Spanish.)
If you want to comment on this post, you need to login.