Enforcement
EN Bankia S.A.: Non-compliance with general data processing principles
€50,000 fine - Spanish Data Protection Authority (aepd)
Content
The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation.
GDPR Articles: Art. 5 (1) b) GDPR
Industry: Finance, Insurance and Consulting