Details:
| Summary | The Spanish DPA has imposed a fine of EUR 72,000 on Eurocollege Oxford English Institute S.L.
The data subject stated that they had signed a training contract with the affiliated school Centro De Estudios Aeronauticos, S.L. (CEAE). Prior to enrolment, CEAE required the complainant to undergo a medical examination with the presentation of a medical certificate, complete a health declaration with personal health information and present a police clearance certificate. However, during its investigation, the DPA found that the personal information requested by CEAE was neither necessary nor required by law. The controller therefore had no valid legal basis to process the requested data. |
| Link: | link |
| Related articles: | Art. 5 (1) c) GDPR, Art. 6 (1) GDPR, Art. 9 (2) GDPR |
| Type: | Non-compliance with general data processing principles |
| Fine: | EUR 72,000 |
| Sector | Public Sector and Education |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/