Endesa’s sins penalized with $6 million
6 million fine for Endesa
ENDESA is sanctioned by the Spanish Data Protection Agency(AEPD) with a millionaire fine of more than 6 MILLION EUROS.
The 215-page resolution published by the AEPD bases the sanction on a violation of security due to improper access to personal data processed by ENDESA and the integrity of such data, as certain information was modified to make fraudulent registrations.
ENDESA’s allegations
We highlight ENDESA’s interpretation of the application of sanctions for violation of art. 5.1 and 32 of the GDPR separately, since they claim that this should not be the case, since art. 5.1 relating to confidentiality and data integrity and the security measures of art. 32 are equivalent, and that sanctioning their non-compliance separately means sanctioning the same thing twice and would be contrary to the principle of non bis in idem.
However, for the AEPD they are two different articles and should be sanctioned separately.
Details of the sanction to ENDESA
We analyze below the reasons for the different penalties and the amounts imposed for each one:
Infringement of Article 5.1.f) of the GDPR, with a fine of 2,500,000 €.
Failure to implement appropriate measures to ensure the integrity and confidentiality of the personal data processed.
Infringement of Article 32 of the GDPR with a fine of 1.500.000 €.
Appropriate technical and organizational measures to ensure a level of security appropriate to the risk.
Infringement of Article 33 of the GDPR, with a fine of 800,000 €.
Failure to notify a breach of personal data security to the supervisory authority
Infringement of Article 34 of the GDPR, with a fine of 800,000 €.
Failure to communicate the personal data security breach to the affected individuals
Infringement of Article 44 of the GDPR, with a fine of 500,000 €.
Failure to comply with the obligations established in the GDPR for international data transfers.
Total: €6,100,000
Business Adapter® at your service
If you need advice to avoid penalties, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]