Spanish Data Protection Agency Initiates Sanction Procedure Against Uniqlo Europe
The Spanish Data Protection Agency (AEPD) has launched a sanction procedure against Uniqlo Europe, Ltd, Spanish Branch, following a significant data breach that occurred in August 2022. The incident came to light when a former employee filed a complaint on March 31, 2023, revealing that they had received an email containing a PDF with payroll information of 447 Uniqlo workers.
The breach exposed sensitive personal data including names, surnames, national identity numbers, social security numbers, bank account details, and salary information of current and former Uniqlo employees. The company attributes the incident to human error, stating that an HR staff member mistakenly sent the file while responding to the former employee's request for their own payroll information.
Uniqlo claims it was unaware of the breach until receiving notification from the AEPD on April 18, 2023, as the responsible HR employee failed to report the incident internally. Upon learning of the breach, Uniqlo took several actions:
- Formally notified the AEPD on April 24, 2023
- Informed affected individuals on May 4, 2023
- Implemented new security measures and protocols
- Provided additional training to employees on data protection
- Opened a disciplinary procedure against the HR employee involved
The AEPD's investigation revealed that while Uniqlo had some data protection measures in place, including information security regulations and employee training, there were gaps in its risk assessment and impact evaluation processes for payroll data management.
The agency is now considering potential sanctions against Uniqlo for possible violations of data protection regulations. This case highlights the importance of robust data handling procedures and the need for immediate internal reporting of data breaches in corporate environments.