Details:
| Summary | The complainant’s bank account was charged by ENDESA, the beneficiary of which was a third party, who had been convicted under criminal law and imposed with a two-year restraining order regarding the claimant, her domicile and work. Instead amending the contract details as requested by the claimant ENDESA deleted her data erroneously and fillid in the data of the third party. The AEPD found the disclosure of the claimant’s data to the third party was a severe violation of the principle of confidentiality. |
| Link: | link |
| Related articles: | Art. 5 (1) f) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 60,000 |
| Sector | Transportation and Energy |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/