Logo Lener
ES • EN • CA
  • The Firm

    Who we are

    CSR

    Partnerships
  • Practice areas

    Restructuring

    Legal and Tax

    Corporate and M&A

    Labor and LRP

    Tax

    Litigation and Arbitration

    Real Estate and Urban Planning

    Public law

    Compliance and Corporate Governance

    Insolvency Adm.
  • Sectors

    Healthcare

    Hotel

    Real Estate

    Agri-food

    Foundations and NGOs

    Private Wealth

    Transport

    Construction and Public Works
  • Corp.Finance
  • Professionals
  • Current Events
  • Talent
  • Contact

Security breaches in companies

10/03/2022

Security breaches in companies

Flash informativos

The Supreme Court delimits the liability of companies in the event of security breaches

The High Court establishes and limits the duty of diligence, and the control of the effectiveness of security policies.

The publication of the recent ruling issued by the Supreme Court, Ruling No. 188/2022, of February 15 (JUR/2022/78935), has been received with great expectation, given the influence that its content and pronouncements may have on the future criteria to be adopted by the Data Protection Agency (AEPD) and the National Court on security breaches.

The uncertainty generated in different positions of the AEPD, has meant that the employer who scrupulously complies with the regulations, who has adopted periodic controls and applies the technical and organizational security measures according to the risk, in the face of circumstances beyond his control that could cause a security breach, could suffer a damaging result and therefore the imposition of a very significant penalty.

The Court confirms a penalty of 40,000 € imposed by the Data Protection Agency on a company distributing telephone products, as responsible for a serious infringement, which was in turn confirmed by the National Court, and more importantly, goes into depth to analyze the merits of the legal issue raised, reasoning whether the security measures are an obligation of means or an obligation of result.

  • In the obligation of result, the company is liable for a harmful result due to the failure of the security system, regardless of the cause and the diligence used. In the obligation of means it is sufficient to establish technically adequate measures and implement them with reasonable diligence in accordance with the technology available at any given time.

The Court in its Legal Grounds (Third, Fourth and Fifth), establishes a series of considerations and pronouncements of great practical and legal significance, which we highlight in the following document, as well as the conclusions:

In conclusion, as can be interpreted from this resolution, risks are spreading among different businesses and technologies, forcing companies to go one step ahead, rethinking current technologies and implementing diligent, agile approaches that understand security from a living and changing perspective, not relying on static and established security paradigms.

 

Lastest News

Tariffs on foreign films shown in the United States
12/05/2025
Regulation of the registration of short-stay accommodation units
09/05/2025
Assessment of the first month of ADR implementation
07/05/2025

Subscribe to the newsletter

See our latest news

Join
Suscribirse a la newsletter
* indicates required

Podrá cancelar su suscripción al newsletter en cualquier momento a través del enlace que encontrará en cada correo que reciba de nuestro newsletter.

Logo Lener
ISO
Madrid•
Barcelona•
Oviedo•
Valladolid•
Vigo•
Sevilla
Paseo de la Castellana, 23 | 28046 - Madrid | +34 913 912 066
Lener © All rights reserved  |     |   Privacy Policy  |     |   Cookies Policy  |   Legal Notice
Web design: Social Lex & Fontventa