CAJA RURAL DE SALAMANCA, S.C.C. – €200,000 Fine (Spain, 2025)

€200,000Agencia Española de Protección de Datos17 January 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

CAJA RURAL DE SALAMANCA was fined for not adequately protecting customer data during a cyber attack. The company lacked the necessary security measures to prevent unauthorized access to personal information. This ruling serves as a reminder for businesses to strengthen their data protection practices.

What happened

CAJA RURAL DE SALAMANCA suffered a cyber attack that led to unauthorized access of customer data due to weak security measures.

Who was affected

Customers whose personal data was compromised in the cyber attack.

What the authority found

The Spanish DPA found that CAJA RURAL DE SALAMANCA did not implement sufficient security measures, violating GDPR's data protection standards.

Why this matters

This case underscores the critical need for businesses to enhance their cybersecurity efforts. Failure to protect customer data can result in hefty fines and damage to reputation.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll CAJA RURAL DE SALAMANCA, S.C.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on CAJA RURAL DE SALAMANCA, S.C.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 250,000 was reduced to EUR 200,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for CAJA RURAL DE SALAMANCA, S.C.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 January 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€200,000

Enforcement Tracker ID

ETid-2553

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAJA RURAL DE SALAMANCA, S.C.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: