DKV Seguros y Reaseguros, S.A.E. – €132,000 Fine (Spain, 2022)

€132,000 (reduced fine) | Agencia Española de Protección de Datos | 13 July 2022 | Spain

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

DKV Seguros y Reaseguros, S.A.E. was fined €132,000 by the Spanish Data Protection Authority for sending emails with sensitive medical information to the wrong person. This breach of privacy shows the need for better data protection measures. Companies must ensure they handle personal data securely to avoid similar mistakes.

What happened

DKV Seguros y Reaseguros sent 51 emails with medical data to the wrong recipient.

Who was affected

Individuals whose medical information was mistakenly emailed to an unintended recipient.

What the authority found

The authority ruled that DKV Seguros y Reaseguros failed to protect personal data adequately, violating GDPR's security requirements.

Why this matters

This fine underscores the need for robust data protection practices, especially when handling sensitive information. Companies should implement strong security measures to prevent data breaches.

GDPR Articles Cited

AI-verified

Art. 32 GDPR
Art. 33 GDPR
Art. 5(1)(f) GDPR

National Law Articles

AI-identified

Art. 65.4 LOPDGDD

Source verified 6 March 2026 (national law identified)

Full Legal Summary

The Spanish DPA has imposed a fine on DKV Seguros y Reaseguros, S.A.E. An individual had filed a complaint with the DPA after receiving multiple emails from the controller containing information from an unknown person. The controller had sent 51 emails with medical certificates containing the names, surnames and data on medical tests of the data subjects to the wrong recipient. The complainant had alerted the controller to the wrong mailing several times, but the controller did not respond until it learned of the complaint to the DPA. The controller had not reported the data breach to the DPA. In the course of its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to ensure a level of data protection security appropriate to the risk. The original fine of EUR 220,000 was reduced to EUR 132,000 due to voluntary payment and admission of responsibility.

Related Enforcement Actions (0)

No other enforcement actions found for DKV Seguros y Reaseguros, S.A.E. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

13 July 2022

Authority

Agencia Española de Protección de Datos

Fine Amount

€132,000

Enforcement Tracker ID

ETid-1283

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. DKV Seguros y Reaseguros, S.A.E. - Spain (2022). Retrieved from cookiefines.eu
