Details:
| Summary | The Spanish DPA (AEPD) has fined a property owners’ community EUR 1,200. A property manager had sent a copy of the general meeting minutes to the director of the security company ‘CMM Seguridad’. The document the said document contains the names and addresses of residents, a list of defaulters and the accounts with all income and expenses of the community.
According to the controller, the purpose of sending the minutes in question to the security company was to inform them about the members of the Board of Directors appointed at the respective ordinary general meeting. Therefore, the controller should have limited to only providing this information or to transmitting the minutes document after it had been duly anonymized. For this reason, the DPA notes that the transmission of the full minutes would not have been necessary. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 1,200 |
| Sector | Individuals and Private Associations |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/