NBQ Technology, S.A.U.

€24,000

Insufficient legal basis for data processing

Datum odločitve

7. december 2021

Organ

Spanish Data Protection Authority (aepd)

ES

Sektor

Finance, Insurance and Consulting

Država

ES

Zakon

GDPR

Status

FINAL

Opis

The Spanish DPA (AEPD) has fined NBQ Technology, S.A.U.. A data subject filed a complaint with the DPA against the company after they had denied him a financial transaction due to alleged outstanding payments on a loan. As it turned out, an identity thief had obtained the data subject's data without authorization and applied for a loan from the data controller under pretense of the data subject's identity. The controller then approved the loan. Since the data processed in the course of granting the loan did not belong to the borrower but to the data subject, the AEPD found that the controller had no legal basis for processing the data. The processing was therefore unlawful and a breach of Art. 6 (1) GDPR was affirmed. The original fine of EUR 40,000 was reduced to EUR 24,000 due to the immediate payment and the admission of guilt.

Pravne navedbe

Art. 6 (1)

Vprašanja in kršitve

Insufficient legal basis for data processing
Oglejte si uradni dokument
Nazaj v zbirko podatkov o globah
Prejšnja globa
Romanian National Supervisory Authority for Person...
Naslednja Drobna
Data Protection Authority of Hamburg (HmbBfDI) - C...

Spremljajte novice o uveljavljanju zasebnosti

Spoštujemo vašo zasebnost. Eno e-poštno sporočilo na mesec, brez neželene pošte, odjava kadar koli.