Spain: AEPD issues resolution fining Saunier-Tec €4,800 for breach notification failure
The Spanish data protection authority ('AEPD') issued, on 2 July 2020, a resolution ('the Resolution') in proceedings PS/00122/2020 against Saunier-Tec Mantenimientos de Calor y Frio, SL. following a complaint regarding a data breach of which Saunier-Tec failed to notify the AEPD. In particular, the AEPD outlined that, although Saunier-Tec had taken measures to remedy the breach, it must notify the AEPD of any data breaches that may pose a risk to the rights and freedoms of natural persons under Article 33 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). As a result, the AEPD imposed a fine of €4,800, which was reduced to €3,600 as Saunier-Tec recognised responsibility for the violations and which Saunier-Tec paid, on 24 June 2020, after which the proceedings were terminated.
You can read the Resolution, only available in Spanish, here.