ENERGYA VM GESTIÓN DE ENERGÍA, S.L.

€5,000,000

Non-compliance with general data processing principles

Datum för beslut

6 februari 2024

Myndighet

Spanish Data Protection Authority (aepd)

ES

Sektor

Transportation and Energy

Land

ES

Lag

GDPR

Status

FINAL

Beskrivning

The Spanish DPA (AEPD) has fined ENERGYA VM GESTIÓN DE ENERGÍA, S.L. EUR 5 million following an investigation into unlawful personal data processing by Nivalco, a company contracted by Energya VM to make sales calls to customers. During these calls, customers were misled into providing additional personal data to conclude a new energy supply contract. The AEPD determined that Energya VM acted as the 'data controller' for the processing of this personal data, as it provided Nivalco with a sales script, thereby influencing the data processing. However, Energya VM failed to comply with GDPR requirements, particularly by not conducting a risk assessment for Nivalco's data processing activities

Rättsliga hänvisningar

Art. 5 (1)Art. 5 (2)

Frågor och överträdelser

Non-compliance with general data processing principles
Visa officiellt dokument
Tillbaka till databasen för böter
Föregående Fine
Spanish Data Protection Authority (aepd) - SANITAS...
Nästa Fine
Data Protection Authority of Hamburg (HmbBfDI) - C...

Håll dig uppdaterad om efterlevnaden av sekretessreglerna

Vi respekterar din integritet. Ett e-postmeddelande per månad, ingen skräppost, avsluta prenumerationen när som helst.