Details:
| Summary | BBVA had no legitimate basis for processing the data of the data subject and had therefore infringed Article 6(1) of the GDPR, since the company processed solvency and credit information files without a prior contractual relationship with the data subject. |
| Link: | link |
| Related articles: | Art. 5 GDPR, Art. 6 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 24,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/