Post by account_disabled on Mar 7, 2024 3:24:37 GMT
Negligence has occurred, “a serious lack of diligence that would have been defeated if the procedures and protocols implemented had been correctly followed , correctly collating and verifying both the photograph and the signature of the document that was presented along with the Cash Drawdown” or, as expressed in another point of the resolution, this behavior would have been overcome “if the established protocols and precautions had been adopted.” In the obligations of means, the commitment acquired is to provide the technical and organizational means, as well as to display diligent activity in their implementation and use , something that would not have happened in this case.
Therefore, the defendant would have violated article 6 of the Regulation regarding the legitimacy of the treatment and article 32 on the safety of the treatment, taking into account that he Fax Lists has failed to comply with the most basic standards of care and adequate security measures have not been adopted. risk . “The documentation in the file shows that the defendant has violated article 32 of the RGPD, by not having implemented and not using appropriate technical and organizational measures to guarantee a level of security appropriate to the risk in this processing,” they state.
The AEPD rejects the claimant's allegation that two sanctions not be imposed because, it maintains, there is a medial concurrence of infractions. The AEPD rejects this allegation in accordance with the RGPD, which establishes that “if a controller or a person in charge of the treatment intentionally or negligently fails to comply, for the same treatment operations or related operations, with various provisions of this Regulation, the total amount of the fine administrative will not be higher than the amount provided for the most serious infractions.Taking into account that the investigated entity is one of the large companies within its sector, with a sales volume of more than one million euros and that its ordinary activity involves the "constant and abundant handling of personal data", it is imposes a fine of 50,000 euros for violating article 6.
Therefore, the defendant would have violated article 6 of the Regulation regarding the legitimacy of the treatment and article 32 on the safety of the treatment, taking into account that he Fax Lists has failed to comply with the most basic standards of care and adequate security measures have not been adopted. risk . “The documentation in the file shows that the defendant has violated article 32 of the RGPD, by not having implemented and not using appropriate technical and organizational measures to guarantee a level of security appropriate to the risk in this processing,” they state.
The AEPD rejects the claimant's allegation that two sanctions not be imposed because, it maintains, there is a medial concurrence of infractions. The AEPD rejects this allegation in accordance with the RGPD, which establishes that “if a controller or a person in charge of the treatment intentionally or negligently fails to comply, for the same treatment operations or related operations, with various provisions of this Regulation, the total amount of the fine administrative will not be higher than the amount provided for the most serious infractions.Taking into account that the investigated entity is one of the large companies within its sector, with a sales volume of more than one million euros and that its ordinary activity involves the "constant and abundant handling of personal data", it is imposes a fine of 50,000 euros for violating article 6.