Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD fines Iberdrola Clientes €40,000 for GDPR violations

The Spanish data protection authority ('AEPD') issued, on 2 July 2020, a resolution ('the Resolution') in proceedings PS/00102/2020, fining Iberdola Clientes, S.A.U. €40,000 for violations of Article 5(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Resolution outlines that an individual complained that a third party received his/her electricity bill, containing personal data such as their name, address, and bank account. In addition, the Resolution highlights that Iberdola Clientes was not able to guarantee adequate security measures while processing the data subject's personal data, in violation of the principles of integrity and confidentiality. 

Lastly, the Resolution imposes a fine of €40,000, which was subsequently reduced to €24,000 as a result of Iberdola Clientes's voluntary payment.  

You can read the Resolution, only available in Spanish, here.