CaixaBank, S.A.

€5,000,000

Non-compliance with general data processing principles

Data da decisão

26 de outubro de 2023

Autoridade

Spanish Data Protection Authority (aepd)

ES

Setor

Finance, Insurance and Consulting

País

ES

Lei

GDPR

Status

FINAL

Descrição

The Spanish DPA has imposed a fine of EUR 5 million on CAIXABANK, S.A.. A customer had filed a complaint about having access to a document containing information on a transfer from a third party. The document contained personal data of the third party, such as the name and bank details of the data subject. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to protect personal data and prevent such incidents. The DPA also found that the controller had failed to comply with the principle of data protection by design and by default, as it acted reactively rather than proactively in handling the complaint.

Citações legais

Art. 5 (1)Art. 25Art. 32

Problemas e violações

Non-compliance with general data processing principles
Ver documento oficial
Voltar ao banco de dados de multas
Multa anterior
Italian Data Protection Authority (Garante) - Home...
Próxima multa
Data Protection Authority of Hamburg (HmbBfDI) - C...

Mantenha-se atualizado sobre a aplicação da privacidade

Respeitamos sua privacidade. Um e-mail por mês, sem spam, cancele sua inscrição a qualquer momento.