Bankia S.A.
€50,000
Non-compliance with general data processing principles
Datum för beslut
28 augusti 2020
Myndighet
Spanish Data Protection Authority (aepd)
ES
Sektor
Finance, Insurance and Consulting
Land
ES
Lag
GDPRStatus
FINALBeskrivning
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
Rättsliga hänvisningar
Art. 5 (1)
Frågor och överträdelser
Non-compliance with general data processing principles