TELEFÓNICA DE ESPAÑA SAU – €1,300,000 Fine (Spain, 2024)

€1,300,000Agencia Española de Protección de Datos26 September 2024Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Telefónica de España SAU was fined €1.3 million for a security breach that exposed customer data. The Spanish data protection authority found that the company did not take proper steps to protect personal information, which is important for keeping customer trust. This case highlights the need for businesses to implement strong security measures to safeguard user data.

What happened

Telefónica de España SAU suffered a cyber attack that allowed unauthorized access to personal customer data.

Who was affected

Customers whose personal data was accessed during the cyber attack were affected.

What the authority found

The authority ruled that Telefónica failed to implement adequate security measures to protect personal data, violating GDPR requirements.

Why this matters

This ruling emphasizes that companies must prioritize data security to avoid significant fines. It serves as a warning for all businesses to strengthen their data protection practices.

GDPR Articles Cited

AI-verified

Art. 5(1)(c) GDPR
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 5(1)(c) GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
articles corrected
Spain enforcementAgencia Española de Protección de Datos actionsAll TELEFÓNICA DE ESPAÑA SAU actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 1.3 million on TELEFÓNICA DE ESPAÑA SAU. The controller had reported a security incident to the DPA, stating that they had suffered a cyber attack that allowed unauthorised third parties to access personal customer data via an employee's account. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organisational measures to protect personal data that could have prevented such an incident. The fine is composed as follows: EUR 500,000 for the violation of Art. 5 (1) f) GDPR and EUR 800,000 for the violation of Art. 32 GDPR.

Related Enforcement Actions (0)

No other enforcement actions found for TELEFÓNICA DE ESPAÑA SAU in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

26 September 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€1,300,000

Enforcement Tracker ID

ETid-2508

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. TELEFÓNICA DE ESPAÑA SAU - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: