Global Business Travel Spain SLU – €5,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Global Business Travel Spain SLU was fined €5,000 for not protecting health data properly, allowing unauthorized access. This case shows the need for strong security measures to keep sensitive information safe.
What happened
An employee accessed health data without proper authorization due to inadequate security measures.
Who was affected
The affected individuals were those whose health data was accessed without proper security.
What the authority found
The Spanish Data Protection Authority found that Global Business Travel Spain SLU failed to implement adequate security measures, violating GDPR.
Why this matters
This highlights the critical importance of implementing robust security measures to protect sensitive data like health information. Companies should regularly review and update their data protection strategies.
GDPR Articles Cited
The fine was preceded by an employee's access to health data of a person concerned. In the course of its investigations, the Data Protection Authority found that Global Business Travel Spain, as data controller, had infringed Article 32(2) and (4) of the GDPR by failing to take adequate technical and organisational measures to protect the data from unauthorised disclosure.
Related Enforcement Actions (0)
No other enforcement actions found for Global Business Travel Spain SLU in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 July 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€5,000
Enforcement Tracker ID
ETid-341
About this data
Cite as: Cookie Fines. Global Business Travel Spain SLU - Spain (2020). Retrieved from cookiefines.eu
Last updated: