Bankia S.A.
€50,000
Non-compliance with general data processing principles
Datum rozhodnutí
28. srpna 2020
Úřad
Spanish Data Protection Authority (aepd)
ES
Sektor
Finance, Insurance and Consulting
Země
ES
Právo
GDPRStav
FINALPopis
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Právní citace
Art. 5 (1)
Problémy a porušení
Non-compliance with general data processing principles