GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS – €4,000,000 Fine (Spain, 2024)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Spanish DPA has imposed a fine on GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS. The controller had suffered a data breach where unknown third parties gained access to the customer data management system using credentials of a broker which allowed them to access customer data such as name, IBAN, personal identification number. The incident affected approximately 1.5 million individuals. During its investigation, the DPA found, in particular, that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to prevent such an incident. The DPA also found that the controller had failed to carry out a risk assessment, although this was deemed necessary given the significant number of customers and the fact that the controller was consequently processing personal data of those data subjects on a large scale. The original fine of EUR 5 million was reduced to EUR 4 million due to immediate payment.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA has imposed a fine on GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS. The controller had suffered a data breach where unknown third parties gained access to the customer data management system using credentials of a broker which allowed them to access customer data such as name, IBAN, personal identification number. The incident affected approximately 1.5 million individuals. During its investigation, the DPA found, in particular, that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to prevent such an incident. The DPA also found that the controller had failed to carry out a risk assessment, although this was deemed necessary given the significant number of customers and the fact that the controller was consequently processing personal data of those data subjects on a large scale. The original fine of EUR 5 million was reduced to EUR 4 million due to immediate payment.
Related Enforcement Actions (0)
No other enforcement actions found for GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
10 December 2024
Authority
Agencia Española de Protección de Datos
Fine Amount
€4,000,000
Enforcement Tracker ID
ETid-2514
About this data
Cite as: Cookie Fines. GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS - Spain (2024). Retrieved from cookiefines.eu
Last updated: