GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS – €4,000,000 Fine (Spain, 2024)

€4,000,000Agencia Española de Protección de Datos10 December 2024Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Generali España was fined €4 million for a data breach that exposed personal information of about 1.5 million customers. The company failed to implement proper security measures to protect this data. This case serves as a reminder for businesses to prioritize data security to avoid costly breaches.

What happened

Generali España suffered a data breach where unauthorized access to customer data occurred due to inadequate security measures.

Who was affected

Approximately 1.5 million customers whose personal data was accessed during the breach.

What the authority found

The Spanish data protection authority found that Generali España did not take necessary steps to protect personal data, violating GDPR requirements.

Why this matters

This fine highlights the financial risks companies face if they neglect data security. It underscores the need for businesses to regularly assess and improve their data protection practices.

GDPR Articles Cited

AI-verified

Art. 25(GDPR)
Art. 32(GDPR)
Art. 35(GDPR)
Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR
Art. 25 GDPR
Art. 32 GDPR
Art. 35 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS. The controller had suffered a data breach where unknown third parties gained access to the customer data management system using credentials of a broker which allowed them to access customer data such as name, IBAN, personal identification number. The incident affected approximately 1.5 million individuals. During its investigation, the DPA found, in particular, that the controller had failed to implement appropriate technical and organizational measures to protect personal data in order to prevent such an incident. The DPA also found that the controller had failed to carry out a risk assessment, although this was deemed necessary given the significant number of customers and the fact that the controller was consequently processing personal data of those data subjects on a large scale. The original fine of EUR 5 million was reduced to EUR 4 million due to immediate payment.

Related Enforcement Actions (0)

No other enforcement actions found for GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

10 December 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€4,000,000

Enforcement Tracker ID

ETid-2514

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. GENERALI ESPAÑA, SOCIEDAD ANONIMA DE SEGUROS Y REASEGUROS - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: