Skip to content
Enforcement
EN

Bankia S.A.: Non-compliance with general data processing principles

€50,000 fine - Spanish Data Protection Authority (aepd)

€50,000 Fine
Bankia S.A.
SPAIN
Non-compliance with general data processing principles

Content

The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.

GDPR Articles: Art. 5 (1) b) GDPR
Industry: Finance, Insurance and Consulting