Bankia S.A.
€50,000
Non-compliance with general data processing principles
Päätöspäivä
28. elokuuta 2020
Viranomainen
Spanish Data Protection Authority (aepd)
ES
Ala
Finance, Insurance and Consulting
Maa
ES
Laki
GDPRTila
FINALKuvaus
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Oikeudelliset viittaukset
Art. 5 (1)
Asiat ja rikkomukset
Non-compliance with general data processing principles