Details:
| Summary | The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. During its investigation, the DPA found that the controller had registered alleged debts of a former client to the risk information center of the Spanish Central Bank without a valid legal basis. The DPA also found that the controller had not adequately complied with the former customer’s request for access to their personal data. The original fine of EUR 140,000 was reduced to EUR 84,000 due to voluntary payment and admission of responsibility. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR, Art. 15 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 84,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/