Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD fines Air Europa €600,000 for GDPR security and notification failures

The Spanish data protection authority ('AEPD') announced, on 17 March 2021, its decision, in proceeding PS/00179/2020, to fine Air Europa Lineas Aereas, SA. €600,000, following a notification of a security breach to the AEPD regarding unauthorised access to contact details and bank accounts, affecting approximately 489,000 individuals and 1,500,000 data records. In particular, the AEPD outlined that it had imposed a fine of €500,000 on Air Europa for violating Article 32(1) of the General Data Protection Regulation (Regulation (EU 2016/679) ('GDPR') because of its failure to have in place appropriate technical and organisational measures to ensure an adequate level of security, and €100,000 for violating Article 33 of the GDPR because it had notified the AEPD of the breach with a delay of 41 days.

You can read the decision, only available in Spanish, here.