Intercambiador detransportes avenida de america, S.A.U. – No Violation (Spain, 2019)

No Violation
Agencia Española de Protección de Datos6 November 2019Spain
final
No Violation

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A security guard in Madrid filmed a surveillance screen and shared it on WhatsApp, but the Spanish data authority found no GDPR violation. The transport company had effective measures to handle the breach and prevent future incidents. This case highlights the importance of having strong internal processes to manage data breaches.

What happened

A security guard improperly filmed a surveillance screen and shared it via WhatsApp.

Who was affected

The public transport system's video surveillance data was involved in the breach.

What the authority found

The AEPD found no GDPR violation due to the company's effective response and preventive measures.

Why this matters

This case illustrates the importance of having robust procedures to detect and respond to data breaches, which can prevent regulatory penalties even when incidents occur.

GDPR Articles Cited

Art. 32 GDPR
Art. 33 GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Intercambiador detransportes avenida de america, S.A.U. actions
Full Legal Summary
Detailed

After a security guard of Madrid’s public transport system filmed the screen of a video surveillance system with his phone and shared the video via WhatsApp, the AEPD carried out an investigation. The AEPD found a data breach due to the improper filming of the screens in the video surveillance control center. However, the ITAA had technical and organizational measures to deal with the incident. These measures allowed the controller to detect, identify, analyze and classify the data breach. It also took a reasonable reaction to notify, communicate and minimize the impact and implement reasonable measures to avoid a repetition of the situation in the future through the implementation of an action plan. Therefore, the AEPD found that the controller did not violated Articles 32 and 33 GDPR.

Outcome

No Violation

The DPA investigated and found no violation.

Related Enforcement Actions (0)

No other enforcement actions found for Intercambiador detransportes avenida de america, S.A.U. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Decision Date

6 November 2019

Authority

Agencia Española de Protección de Datos

GDPRhub ID

gdprhub-225

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Intercambiador detransportes avenida de america, S.A.U. - Spain (2019). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: