
ENERGYA VM GESTIÓN DE ENERGÍA, S.L.: Non-compliance with general data processing principles

€5,000,000 fine - Spanish Data Protection Authority (AEPD)

Country: Spain

Content

The Spanish DPA (AEPD) has fined ENERGYA VM GESTIÓN DE ENERGÍA, S.L. EUR 5 million following an investigation into unlawful personal data processing by Nivalco, a company contracted by Energya VM to make sales calls to customers. During these calls, customers were misled into providing additional personal data to conclude a new energy supply contract. The AEPD determined that Energya VM acted as the 'data controller' for the processing of this personal data, as it provided Nivalco with a sales script, thereby influencing the data processing. However, Energya VM failed to comply with GDPR requirements, particularly by not conducting a risk assessment for Nivalco's data processing activities.

GDPR Articles: Art. 5 (1) a) GDPR, Art. 5 (2) GDPR
Industry: Transportation and Energy