Unknown – €10,000 Fine (Spain, 2020)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A company was fined EUR 10,000 by the Spanish data protection authority for mistakenly sending an email with sensitive dismissal documents to the wrong person. This mistake revealed personal data without consent. It serves as a reminder to handle sensitive information carefully and ensure emails are sent to the correct recipients.
What happened
A company sent an email containing sensitive dismissal documents to the wrong person, disclosing personal data without consent.
Who was affected
The person whose dismissal and settlement documents were mistakenly emailed to a third party.
What the authority found
The Spanish authority determined that the company violated GDPR by failing to protect personal data, resulting in unauthorized disclosure.
Why this matters
This case highlights the importance of careful handling of sensitive information and ensuring emails are sent to the correct recipients to avoid data breaches. Companies should review their email practices to prevent similar errors.
GDPR Articles Cited
The Spanish DPA (AEPD) imposed a fine of 10,000 EUR on a company for violating Art. 5 GDPR. The company sent an e-mail to a third party with the dismissal and settlement document of the data subject, disclosing their personal data without their consent.
Related Enforcement Actions (5)
Other enforcement actions involving Unknown in ES
Fine
€10K
Details
Fine Date
9 December 2020
Authority
Agencia Española de Protección de Datos
Fine Amount
€10,000
Enforcement Tracker ID
ETid-478
About this data
Cite as: Cookie Fines. Unknown - Spain (2020). Retrieved from cookiefines.eu
Last updated: