Details:
| Summary | The bank kept personal data of a data subject for several years, even after the data subject was no longer a customer. The data was also accessible to bank employees during this time. This constituted a violation of the principle of purpose limitation. |
| Link: | link |
| Related articles: | Art. 5 (1) b) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 50,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/