I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. – €3,500,000 Fine (Spain, 2024)

€3,500,000Agencia Española de Protección de Datos5 February 2024Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

I-DE Redes Eléctricas Inteligentes, S.A.U. was fined €3.5 million after a cyberattack exposed the personal data of 1.35 million clients. This case is significant because it shows that companies must take strong security measures to protect customer data from breaches. Businesses should invest in cybersecurity to prevent similar incidents.

What happened

A cyberattack on I-DE Redes Eléctricas Inteligentes, S.A.U. exposed personal data of 1.35 million clients.

Who was affected

Clients of I-DE Redes Eléctricas Inteligentes, S.A.U. whose personal data was compromised during the attack.

What the authority found

The Spanish DPA found that I-DE Redes Eléctricas Inteligentes, S.A.U. failed to adequately protect personal data, leading to a significant breach.

Why this matters

This ruling underscores the need for companies to enhance their cybersecurity measures. It serves as a warning that failure to protect customer data can lead to severe financial penalties.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1) f) GDPR
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 3.5 million on I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. The controller had suffered a cyber attack on its GEA web application resulting in the compromise of personal data of millions of customers. During its investigation, the DPA found that Iberdrola had not taken sufficient security measures to prevent the attack.

Related Enforcement Actions (0)

No other enforcement actions found for I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

5 February 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€3,500,000

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. I-DE REDES ELÉCTRICAS INTELIGENTES, S.A.U. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: