Details:

Summary BBVA had no legitimate basis for processing the data of the data subject and had therefore infringed Article 6(1) of the GDPR, since the company processed solvency and credit information files without a prior contractual relationship with the data subject.
Link: link
Related articles:  Art. 5 GDPR, Art. 6 GDPR
Type: Insufficient legal basis for data processing
Fine: EUR 24,000
Sector Finance, Insurance and Consulting

 

All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/

Tags: case law