promofarma ecom S.L – No Violation (Spain, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Promofarma experienced a data breach affecting 1.3 million data sets, but the Spanish authority found no violation because the company had strong security measures in place. This case shows the importance of having robust data protection strategies to handle breaches effectively.
What happened
Promofarma faced a data breach where 1.3 million data sets were accessed, but it had effective measures to manage the breach.
Who was affected
Individuals whose personal data was part of the 1.3 million data sets accessed during the breach.
What the authority found
The Spanish authority concluded that Promofarma complied with GDPR as it had adequate measures to manage and mitigate the data breach.
Why this matters
This case underscores the need for businesses to implement strong security measures and response plans to handle data breaches. Effective management of such incidents can prevent penalties and protect customer trust.
GDPR Articles Cited
The AEPD carried out an ex officio investigation. The AEPD found the existence of a data breach by possible access to personal data. 1,300,000 data sets were lost through an external attack. The data was subsequently found on the deepweb. However, the AEPD confirmed that Promofarma, had technical and organizational measures to deal with such an incident. This allowed the detection, analysis and classification of the data breach in order to notify, communicate and minimize the impact and implement reasonable measures to avoid future repetition through an action plan. The adoption of technical and organizational measures, such as a more robust encryption system and improvements of the personal data management applications was also positively taken into account by the AEPD. The final report on the breach and its impact was seen as a valuable source of information to analyze and manage future risks. The use of this information will serve to prevent the repetition of a similar attack. Therefore, it has been accredited that the action of the controller has been in accordance with the GDPR and the file was closed.
Outcome
No Violation
The DPA investigated and found no violation.
Related Enforcement Actions (0)
No other enforcement actions found for promofarma ecom S.L in ES
This is the only recorded action for this entity in this jurisdiction.
Details
About this data
Cite as: Cookie Fines. promofarma ecom S.L - Spain (2019). Retrieved from cookiefines.eu
Last updated: