BASER COMERCIALIZADORA DE REFERENCIA, S.A. – €150,000 Fine (Spain, 2022)

€150,000Agencia Española de Protección de Datos11 April 2022Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

The Spanish Data Protection Authority fined BASER COMERCIALIZADORA DE REFERENCIA, S.A., EUR 150,000 for not verifying a customer's identity properly. This led to a fraudster changing the customer's electricity contract. The case underscores the need for strong security checks.

What happened

BASER COMERCIALIZADORA DE REFERENCIA, S.A. was fined for not verifying a customer's identity, allowing a fraudster to alter their contract.

Who was affected

Customers whose contracts were altered by fraudsters due to inadequate identity verification.

What the authority found

The authority found that the company failed to implement sufficient security measures to verify the identity of individuals, violating GDPR.

Why this matters

This fine highlights the importance of robust identity verification processes to prevent fraud and protect customer data.

GDPR Articles Cited

AI-verified

Art. 6 GDPR
View original scraped data
Art. 6 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

National Law Articles

AI-identified

Art. 65.4 LOPDGDD
Source verified 6 March 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll BASER COMERCIALIZADORA DE REFERENCIA, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has fined BASER COMERCIALIZADORA DE REFERENCIA, S.A., EUR 150,000. A customer of the company had filed a complaint with the DPA since their electricity supply contract was modified without their consent. This resulted in an increase in the electricity supply. In the course of its investigations, the DPA found that a fraudster had pretended to be the data subject by providing the name and ID number of the data subject. In this way, they were able to modify the data subject's contract. According to the DPA, the controller had not properly verified the identity of the fraudster before modifying the contract and, due to a lack of sufficient security measures, had not made sure that the inquirer was actually the data subject.

Related Enforcement Actions (0)

No other enforcement actions found for BASER COMERCIALIZADORA DE REFERENCIA, S.A. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

11 April 2022

Authority

Agencia Española de Protección de Datos

Fine Amount

€150,000

Enforcement Tracker ID

ETid-1129

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. BASER COMERCIALIZADORA DE REFERENCIA, S.A. - Spain (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: