Bankia S.A.
€50,000
Non-compliance with general data processing principles
Fecha de la decisión
28 de agosto de 2020
Autoridad
Spanish Data Protection Authority (aepd)
ES
Sector
Finance, Insurance and Consulting
País
ES
Ley
GDPREstado
FINALDescripción
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Citas legales
Art. 5 (1)
Problemas e infracciones
Non-compliance with general data processing principles