CaixaBank, S.A.

€3,500,000

Insufficient technical and organisational measures to ensure information security

Sprendimo priėmimo data

2024 m. gruodžio 12 d.

Institucija

Spanish Data Protection Authority (aepd)

ES

Sektorius

Finance, Insurance and Consulting

Šalis

ES

Teisė

GDPR

Statusas

FINAL

Aprašymas

The Spanish DPA has imposed a fine of EUR 3.5 million on CAIXABANK, S.A. Following a complaint from customers, it was found that the mother of an account holder had access to a joint account via the bank's online platform, even though she was neither the account holder nor an authorized user. The DPA found that CaixaBank had not taken adequate technical and organizational measures to protect personal data. In addition, the principle of data protection by design and by default had been violated.

Teisinės citatos

Art. 5 (1)Art. 25

Problemos ir pažeidimai

Insufficient technical and organisational measures to ensure information security
Peržiūrėti oficialų dokumentą
Grįžti į baudų duomenų bazę
Ankstesnis Bauda
Italian Data Protection Authority (Garante) - Phys...
Kitas Bauda
Data Protection Authority of Hamburg (HmbBfDI) - C...

Gaukite naujausią informaciją apie privatumo vykdymo užtikrinimą

Gerbiame jūsų privatumą. Vienas el. laiškas per mėnesį, jokių šlamšto, atsisakykite prenumeratos bet kada.