Article summary
MLex has reported that an unidentified bookstore owner in Spain has paid a fine of €4,000 imposed by the Spanish Data Protection Authority (DPA) for breaching the EU’s General Data Protection Regulation, Regulation (EU) 2016/679 (EU GDPR) principle of integrity and confidentiality of data. The complainant had received from the data controller an e-mail with invoices of different data subjects that included personal information such as name, ID card number and postal address, the regulator said. The DPA said that the controller failed to implement sufficient technical and organisational measures for data security. The initial fine amounted to €5,000, but it was reduced as the controller agreed to make a voluntary payment.
To continue reading this news article, as well as thousands of others like it, sign in with LexisNexis or register for a free trial