Carrefour fined EUR3.2 million in Spain for GDPR breaches

( June 4, 2025, 12:38 GMT | Official Statement) -- MLex Summary: Supermarket operator Centros Comerciales Carrefour has been fined 3.2 million euros by the Spain’s Data Protection Agency, for five personal data breaches, all related to unauthorized third parties gaining access to customer accounts. The attacks exposed customer data such as names, addresses and ID numbers. The fine was issued for violations of the EU’s General Data Protection Regulation, specifically for failing to ensure data confidentiality and security and for not properly notifying affected users.The decision is attached in Spanish. ...

Prepare for tomorrow’s regulatory change, today

MLex identifies risk to business wherever it emerges, with specialist reporters across the globe providing exclusive news and deep-dive analysis on the proposals, probes, enforcement actions and rulings that matter to your organization and clients, now and in the longer term.

Know what others in the room don’t, with features including:

Daily newsletters for Antitrust, M&A, Trade, Data Privacy & Security, Technology, AI and more
Custom alerts on specific filters including geographies, industries, topics and companies to suit your practice needs
Predictive analysis from expert journalists across North America, the UK and Europe, Latin America and Asia-Pacific
Curated case files bringing together news, analysis and source documents in a single timeline

Experience MLex today with a 14-day free trial.

Start Free Trial

Already a subscriber? Click here to login

Carrefour fined EUR3.2 million in Spain for GDPR breaches

Prepare for tomorrow’s regulatory change, today

Documents

Related Sections