Bankia S.A.
€50,000
Non-compliance with general data processing principles
Dátum rozhodnutia
28. augusta 2020
Úrad
Spanish Data Protection Authority (aepd)
ES
Sektor
Finance, Insurance and Consulting
Krajina
ES
Právo
GDPRStav
FINALPopis
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Právne citácie
Art. 5 (1)
Problémy a porušenia
Non-compliance with general data processing principles