AIO E-COMMERCE, S.L. – €6,400 Fine (Spain, 2022)

€6,400Agencia Española de Protección de Datos26 October 2022Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

AIO E-COMMERCE, S.L. was fined €6,400 by the Spanish Data Protection Agency after a data breach exposed customer bank details. The company failed to protect this data properly and stored more information than necessary. This highlights the need for businesses to implement strong security measures and only keep essential data.

What happened

AIO E-COMMERCE, S.L. suffered a data breach that exposed and sold customer bank details online.

Who was affected

Customers whose bank details were compromised in the data breach.

What the authority found

The Spanish DPA found that the company did not have adequate security measures and stored excessive personal data, violating GDPR principles.

Why this matters

This case underscores the importance of robust data protection strategies and the principle of data minimization. Businesses should ensure they only store necessary information and secure it against breaches to avoid penalties.

GDPR Articles Cited

Art. 5(1)(c) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll AIO E-COMMERCE, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on AIO E-COMMERCE, S.L.. The controller had suffered a data breach resulting in personal data such as bank details being siphoned off and subsequently sold on the internet. As part of its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data. The DPA also found that the controller had violated the principle of data minimization by storing all digits of the affected credit card numbers rather than just the last four. The original fine of EUR 8,000 was reduced to EUR 6,400 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for AIO E-COMMERCE, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 October 2022

Authority

Agencia Española de Protección de Datos

Fine Amount

€6,400

Enforcement Tracker ID

ETid-2287

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. AIO E-COMMERCE, S.L. - Spain (2022). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: