Banco Bilbao Vizcaya Argentaria, S.A.
€5,000,000
Insufficient fulfilment of information obligations
결정 날짜
2020년 12월 11일
권한
Spanish Data Protection Authority (aepd)
ES
섹터
Finance, Insurance and Consulting
국가
ES
법률
GDPR상태
FINAL설명
The Spanish DPA (AEPD) fined Banco Bilbao Vizcaya Argentaria, S.A. EUR 5,000,000 for violating Art. 6 GDPR (EUR 3,000,000) and Art. 13 GDPR (EUR 2,000,000). The bank had not implemented a specific mechanism to obtain the consent of the customers to process their data. Furthermore, it did not use precise terminology in its privacy policy, nor did it provide adequate information about the type of personal data that might be processed. In particular the AEPD notes that the purpose and legal basis for data processing are not sufficiently identifiable in the privacy statement.
법적 인용
Art. 6Art. 13
문제 및 위반 사항
Insufficient fulfilment of information obligations