Bankia S.A.
€50,000
Non-compliance with general data processing principles
Data della decisione
28 agosto 2020
Autorità
Spanish Data Protection Authority (aepd)
ES
Settore
Finance, Insurance and Consulting
Paese
ES
Legge
GDPRStato
FINALDescrizione
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Citazioni legali
Art. 5 (1)
Problemi e violazioni
Non-compliance with general data processing principles