When a new employee at the company was given access to her email account, she discovered she had access to another employee´s inbox. Consequently, she had access to all emails received and sent by the other employee. The employee given the faulty access reported this to the AEPD. After an investigation, the AEPD concluded that the incident occurred because of a faulty configuration of the email account. Therefore, the AEPD found that the company had not implemented appropriate technical and organizational measures, which is a breach of the principle of integrity and confidentiality in the GDPR.