Fine issued following faulty configuration of email account
29 September 2022
The Spanish data protection authority (AEPD) has issued a fine of 3 000 euro to the Spanish company Estudios Europeos De Postgrado Y Empresa Sl. as a consequence of their failure to comply with the GDPR.
When a new employee at the company was given access to her email account, she discovered she had access to another employee´s inbox. Consequently, she had access to all emails received and sent by the other employee. The employee given the faulty access reported this to the AEPD. After an investigation, the AEPD concluded that the incident occurred because of a faulty configuration of the email account. Therefore, the AEPD found that the company had not implemented appropriate technical and organizational measures, which is a breach of the principle of integrity and confidentiality in the GDPR.
Read more: https://www.aepd.es/es/documento/ps-00581-2021.pdf