Security measures.

The CTTI, in its capacity as processor, did not implement adequate security measures to guarantee the personal data it processed on behalf of the controller (Dept EDU). This allowed a student, when making a telematic pre-enrolment at a given training, to display the data of a third party on screen.