Automecanica Jerez, S.L. – €4,000 Fine (Spain, 2021)

€4,000Agencia Española de Protección de Datos2 September 2021Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Automecanica Jerez, S.L. was fined EUR 4,000 for sending commercial emails without consent and exposing recipients' personal information. This matters because it highlights the importance of protecting personal data and following privacy rules. Companies must ensure they have proper security measures in place when handling personal information.

What happened

Automecanica Jerez, S.L. sent commercial emails to many people without their consent and failed to protect their personal data.

Who was affected

People who received the commercial emails and had their names and email addresses visible to others were affected.

What the authority found

The Spanish Data Protection Authority ruled that the company violated GDPR by not securing personal data and not obtaining consent for emails.

Why this matters

This case emphasizes that companies must prioritize data security and obtain consent before sending marketing communications. It serves as a reminder for businesses to review their email practices and security measures.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1) f) GDPR
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 21 LSSI
Source verified 6 April 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Automecanica Jerez, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has fined Automecanica Jerez, S.L. EUR 4,000. The controller had sent commercial e-mails to a large number of people without their consent. In doing so, the controller failed to hide the personal data of the recipients, such as surname, first name and email address, which allowed the other recipients to view the data. The AEPD considered this to be a violation of Article 5 (1) f) GDPR and Article 32 GDPR, as the controller had failed to implement technical and organizational measures to ensure an adequate level of security in the processing of personal data. Furthermore the AEPD found a breach of Art. 21 LSSI.

Related Enforcement Actions (0)

No other enforcement actions found for Automecanica Jerez, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

2 September 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€4,000

Enforcement Tracker ID

ETid-823

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Automecanica Jerez, S.L. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: