Spain

PHARMA TALENTS, S.L.U.

2,400 €

GDPR enforcement action by Spanish Data Protection Authority (aepd) on 2022-01-14.

Rank · Sector

#410

of 597 in Industry and Commerce

Rank · Spain

#661

of 1,075

Rank · All fines

#2,197

of 3,050

Case details

Authority: Spanish Data Protection Authority (aepd)
Date: 2022-01-14
Controller / Processor: PHARMA TALENTS, S.L.U.
Sector: Industry and Commerce
Quoted Articles: Art. 5 (1) f) GDPR, Art. 32 GDPR
Type of violation: Insufficient technical and organisational measures to ensure information security

Summary

The Spanish DPA has imposed a fine against PHARMA TALENTS, S.L.U. A data subject had filed a complaint against the company after he found a database on one of the company's websites containing personal data about himself and other hundreds of health sector professionals, including email address and telephone number. Both the website and the database were freely accessible. The DPA found that the company had failed to implement adequate technical and organizational measures to ensure a level of security appropriate to the risk to data subjects, since not even a username and password were required to access the database. The original fine of EUR 4,000 was reduced to EUR 2,400 due to voluntary payment and admission of guilt.

Open original source Links to the regulator's original publication or another source.