Details:
| Summary | The Spanish DPA (AEPD) has imposed a fine of EUR 25,000 on Master Distancia S.A.. The controller had included personal data of the data subject in a credit report register without sufficient legal basis. The controller justified this with alleged debts the data subject had with the controller. In fact, however, the parties were still in arbitration. Accordingly, the controller had no authorization to include the data subject’s data in the register. The original fine of EUR 25,000 was reduced to EUR 20,000 due to immediate payment. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 20,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/