Bankia S.A.

€50,000

Non-compliance with general data processing principles

Decision Date

August 28, 2020

Authority

Spanish Data Protection Authority (aepd)

ES

Sector

Finance, Insurance and Consulting

Country

ES

Law

GDPR

Status

FINAL

Description

The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.

Legal Citations

Art. 5 (1)

Issues & Violations

Non-compliance with general data processing principles
View Official Document
Back to Fines Database
Previous Fine
Data Protection Authority of Ireland - Cork Univer...
Next Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Stay Updated on Privacy Enforcement

We respect your privacy. One email per month, no spam, unsubscribe anytime.