CaixaBank, S.A.

€3,500,000

Insufficient technical and organisational measures to ensure information security

Дата на решението

12 декември 2024 г.

Орган

Spanish Data Protection Authority (aepd)

ES

Сектор

Finance, Insurance and Consulting

Държава

ES

Право

GDPR

Статус

FINAL

Описание

The Spanish DPA has imposed a fine of EUR 3.5 million on CAIXABANK, S.A. Following a complaint from customers, it was found that the mother of an account holder had access to a joint account via the bank's online platform, even though she was neither the account holder nor an authorized user. The DPA found that CaixaBank had not taken adequate technical and organizational measures to protect personal data. In addition, the principle of data protection by design and by default had been violated.

Правни цитати

Art. 5 (1)Art. 25

Въпроси и нарушения

Insufficient technical and organisational measures to ensure information security
Вижте официалния документ
Обратно към базата данни с глоби
Предишна глоба
Italian Data Protection Authority (Garante) - Phys...
Следваща глоба
Data Protection Authority of Hamburg (HmbBfDI) - C...

Бъдете информирани за прилагането на поверителността

Уважаваме поверителността ви. Един имейл на месец, без спам, отпишете се по всяко време.