harsh rebuke Endesa. spanish electric company Fined 6.1 million euros for not guaranteeing the security of its customers’ personal data And because they didn’t inform them privacy.
The sanction was announced on November 29. Spanish Data Protection Agency (AEPD), but that wasn’t announced until Friday. State official bulletin (BOE).
Spanish supervisor goes public BOE Companies will be fined more than one million euros. The only person affected in this round was Endesa, which manages vital resources such as electricity, gas or water.
In its decision, the AEPD details the commitments of the company headed by Juan Sánchez-Calero Guilarte. a total of five different violations violating the five articles of the Convention General Data Protection Regulation (GDPR), regulations that have strictly regulated privacy since 2016 European Union (EU).
Five “serious” violations
These breaches range from failing to ensure protection of customers’ data to failing to “properly notify” up to 760 affected people after an incident occurred. security breach The person who disclosed the information. However, there are other cases, such as failure to comply with requirements to carry out international transfers of customers’ data to suppliers in other countries.
In its decision, the AEPD emphasizes as an aggravating factor that these were “serious” violations, causing harm to its customers, and also that Endesa is “a large company accustomed to the processing of personal data”.
Shares of Endesa currently traded on the stock exchange mountain goat 35, was not affected by this decision. At the time this news was published, the company had recorded an increase of 1.02%. Its market value is 19,950 million Euros.