Administrative fine in the amount of EUR 6.000.000 applied by the Spanish Data Protection Authority to CAIXABANK S.A. for unlawful processing of clients’ personal data
The National Center for Personal Data Protection (NCPDP), for information and application purposes, reports a total administrative fine in the amount of EUR 6.000.000 applied by the Spanish Data Protection Authority (AEPD) to CAIXABANK, S.A. for the unlawful processing of clients’ personal data (EUR 4.000.000) and for not providing sufficient information regarding the processing of personal data (EUR 2.000.000).
The Spanish Data Protection Authority considered that CAIXABANK did not provide sufficient information regarding the categories of personal data concerned, the purposes of the processing of personal data and the lawfulness of that processing, especially for those processing activities based on the company’s legitimate interest. Consequently, the AEPD found a breach of Articles 13 and 14 of the GDPR and imposed a fine of EUR 2.000.000.
At the same time, the Spanish Data Protection Authority found that CAIXABANK did not provide any mechanism to collect the data subjects’ consent, and that the processing activities based on the company’s legitimate interest were not sufficiently justified. The AEPD concluded that this constituted an infringement of Article 6 of the GDPR and, in accordance with Article 83(5)(a) of the GDPR, imposed an administrative fine of EUR 4.000.000.
When deciding on the amount of the administrative fine, the AEPD took into account the nature, gravity and duration of the infringement, the relationship between the company’s activity and the processing of personal data, and the company’s turnover. In addition to the administrative fine, the highest ever imposed by the Spanish DPA, the AEPD ordered CAIXABANK to bring its processing operations into compliance with Articles 6, 13 and 14 of the GDPR within the next six months.
The NCPDP, as the national supervisory authority for personal data processing, emphasizes the responsibility of personal data controllers to comply with the provisions of the legal framework on personal data protection and to ensure that personal data processing operations are carried out in accordance with the legislation in force.