AXA Real Estate Investment Managers Iberica S.A. – €100,000 Fine (Spain, 2024)

€100,000Agencia Española de Protección de Datos7 June 2024Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

AXA Real Estate Investment Managers Iberica S.A. mishandled a USB device containing sensitive information, which led to a data breach affecting 143 individuals. The company lost both the USB and its password because they were sent together, violating security rules. This case highlights the importance of strong data protection measures for businesses handling sensitive information.

What happened

AXA lost a USB device containing sensitive data because the password was sent in the same envelope.

Who was affected

143 individuals whose sensitive information was stored on the lost USB device.

What the authority found

The Spanish data protection authority found that AXA did not take adequate security measures to protect personal data, violating Article 32 of GDPR.

Why this matters

This ruling emphasizes that companies must implement strong security practices to protect sensitive data. Businesses should regularly review their data handling procedures to prevent similar breaches.

GDPR Articles Cited

AI-verified

Art. 32(GDPR)
View original scraped data
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 10 March 2026
amount discrepancy
entity split needed
Spain enforcementAgencia Española de Protección de Datos actionsAll AXA Real Estate Investment Managers Iberica S.A. actions
Full Legal Summary
Detailed

AXA Real Estate Investment Managers Iberica S.A. faced a data breach in May 2023 involving the mishandling of a USB device containing sensitive information for 143 individuals. Although the USB was encrypted, the password was sent within the same envelope, leading to the loss of both the device and its password. The AEPD initiated a sanction process, citing a violation of Article 32 of the GDPR for inadequate security measures. AXA was fined €100,000, reduced to €80,000 due to voluntary payment.

Related Enforcement Actions (0)

No other enforcement actions found for AXA Real Estate Investment Managers Iberica S.A. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

7 June 2024

Authority

Agencia Española de Protección de Datos

Fine Amount

€100,000

GDPRhub ID

gdprhub-8269

Sources

About this data

Data: GDPRhub (noyb.eu)
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. AXA Real Estate Investment Managers Iberica S.A. - Spain (2024). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: