GSMA Limited

€600,000

Insufficient legal basis for data processing

Datum för beslut

31 maj 2024

Myndighet

Spanish Data Protection Authority (aepd)

ES

Sektor

Individuals and Private Associations

Land

ES

Lag

GDPR

Status

FINAL

Beskrivning

The Spanish DPA has imposed a fine of EUR 600,000 on GSMA Limited. In 2022, GSMA Limited required employees of its suppliers to register on an online platform and upload proof of vaccination against COVID-19. One of the data subjects filed a complaint with the DPA as they considered the data processing to be unlawful. GSMA referred to a legal obligation and public interest, but could not provide a specific legal basis. The DPA found that less invasive safeguards would have been possible and that the affected workers were not sufficiently informed about the data processing.

Rättsliga hänvisningar

Art. 6 (1)Art. 9 (2)Art. 14

Frågor och överträdelser

Insufficient legal basis for data processing
Visa officiellt dokument
Tillbaka till databasen för böter
Föregående Fine
Spanish Data Protection Authority (aepd) - PILLOW ...
Nästa Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Håll dig uppdaterad om efterlevnaden av sekretessreglerna

Vi respekterar din integritet. Ett e-postmeddelande per månad, ingen skräppost, avsluta prenumerationen när som helst.