IZA OBRAS Y PROMOCIONES, S.A.

€50,000

Non-compliance with general data processing principles

Decision Date

December 14, 2021

Authority

Spanish Data Protection Authority (aepd)

ES

Sector

Employment

Country

ES

Law

GDPR

Status

FINAL

Description

The Spanish DPA has fined IZA OBRAS Y PROMOCIONES, S.A. EUR 50,000. An employee had filed a complaint with the DPA against the company, alleging that the controller had unauthorizedly disclosed his personal data to another company from which it had received a construction order. The data subject was working as a construction manager on the project, but was absent from work for a period of time due to illness. The controller therefore informed its client and additionally disclosed the data subject's email address and certain health information. The DPA determined that the disclosure of this data would not have been necessary and that the controller had therefore violated the principle of data minimization.

Legal Citations

Art. 5 (1)

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Norwegian Supervisory Authority (Datatilsynet) - E...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.