Details:
| Summary | The Spanish DPA has imposed a fine of EUR 200,000 on CAIXABANK PAYMENTS & CONSUMER EFC, EP, S.A.U.. The controller had included the data subject’s personal data in a credit reporting register without a sufficient legal basis. The controller justified this with alleged debts that the data subject had with the controller. In fact, however, the parties were still involved in ongoing court proceedings. |
| Link: | link |
| Related articles: | Art. 6 GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 200,000 |
| Sector | Finance, Insurance and Consulting |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/