Details:
| Summary | The Spanish DPA has imposed a fine of EUR 5,000 on BANQUETES SANTA ANA, S.L.. The controller had asked a couple celebrating their wedding at its premises to provide the personal data of their guests, including ID card numbers, for the purpose of contact tracing in the context of the Covid-19 pandemic. The DPA determined that such a broad request for personal information was not necessary for contact tracing purposes and that the provision of the names, for example, would have been sufficient. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 5,000 |
| Sector | Industry and Commerce |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/