IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. – €600,000 Fine (Spain, 2025)

€600,000Agencia Española de Protección de Datos25 February 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

IBERMUTUA was fined for a technical error that exposed the health data of over 3,000 individuals to unauthorized recipients. The company did not have adequate protections in place to prevent this data breach. This incident underscores the necessity for businesses to implement strong data security measures.

What happened

IBERMUTUA accidentally transferred personal health data of 3,395 individuals to 354 unauthorized recipients due to a technical error.

Who was affected

Individuals whose health information was improperly shared due to the data breach.

What the authority found

The Spanish DPA ruled that IBERMUTUA failed to implement adequate technical and organizational measures to protect personal data.

Why this matters

This ruling stresses the importance of having robust data protection systems in place. Companies must prioritize data security to prevent breaches and protect personal information.

GDPR Articles Cited

AI-verified

Art. 5(1)(f) GDPR
View original scraped data
Art. 5(1)(f) GDPR

Original data from scraper before AI verification against source document.

Source verified 6 March 2026
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. Due to a technical error in its online platform, personal data, including health information, of 3,395 individuals was unlawfully transferred to 354 recipients. The DPA found that the controller had failed to implement appropriate technical and organisational measures to protect personal data that could have prevented such an incident. The original fine of EUR 1 million was reduced to EUR 600,000 due to voluntary payment and admission of responsibility.

Related Enforcement Actions (0)

No other enforcement actions found for IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

25 February 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€600,000

Enforcement Tracker ID

ETid-2574

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. IBERMUTUA, MUTUA COLABORADORA CON LA SEGURIDAD SOCIAL NUM.274. - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: