Bankia S.A.
€50,000
Non-compliance with general data processing principles
Datum odločitve
28. avgust 2020
Organ
Spanish Data Protection Authority (aepd)
ES
Sektor
Finance, Insurance and Consulting
Država
ES
Zakon
GDPRStatus
FINALOpis
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Pravne navedbe
Art. 5 (1)
Vprašanja in kršitve
Non-compliance with general data processing principles