Bankia S.A.
€50,000
Non-compliance with general data processing principles
決定日期
2020年8月28日
權限
Spanish Data Protection Authority (aepd)
ES
部門
Finance, Insurance and Consulting
國家
ES
法律
GDPR狀態
FINAL說明
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
法律引文
Art. 5 (1)
問題與違規
Non-compliance with general data processing principles