CAJA RURAL DE GIJÓN, S.C.A.C. – €76,000 Fine (Spain, 2025)

€76,000Agencia Española de Protección de Datos17 January 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

CAJA RURAL DE GIJÓN was fined for not protecting customer data after a cyber attack. The company failed to put in place the security measures needed to keep this information safe. This case highlights the importance of strong cybersecurity practices for businesses handling personal data.

What happened

CAJA RURAL DE GIJÓN suffered a cyber attack that exposed customer data due to inadequate security measures.

Who was affected

Customers whose personal data was accessed during the cyber attack.

What the authority found

The Spanish DPA found that CAJA RURAL DE GIJÓN did not implement necessary security measures, violating GDPR's requirement for data protection.

Why this matters

This ruling emphasizes that companies must prioritize cybersecurity to protect customer data. It serves as a warning that failure to do so can lead to significant fines.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1) f) GDPR

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
date discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll CAJA RURAL DE GIJÓN, S.C.A.C. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on CAJA RURAL DE GIJÓN, S.C.A.C.. The controller had suffered a cyber attack in which the attackers were able to access customer data due to a security vulnerability in its systems. The DPA found that the company had failed to implement the necessary security measures that could have prevented such an incident. The original fine of EUR 95,000 was reduced to EUR 76,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for CAJA RURAL DE GIJÓN, S.C.A.C. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

17 January 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€76,000

Enforcement Tracker ID

ETid-2554

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. CAJA RURAL DE GIJÓN, S.C.A.C. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: