Bankia S.A.
€50,000
Non-compliance with general data processing principles
Data da decisão
28 de agosto de 2020
Autoridade
Spanish Data Protection Authority (aepd)
ES
Setor
Finance, Insurance and Consulting
País
ES
Lei
GDPRStatus
FINALDescrição
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Citações legais
Art. 5 (1)
Problemas e violações
Non-compliance with general data processing principles