Details:
| Summary | The Spanish DPA (AEPD) has imposed a fine of EUR 1,000 on a company. The controller had used the personal data of a third party in order to obtain a microcredit. The DPA states that the controller lacked a legal basis for the processing and thus violated Art. 6 (1) GDPR. |
| Link: | link |
| Related articles: | Art. 6 (1) GDPR |
| Type: | Insufficient legal basis for data processing |
| Fine: | EUR 1,000 |
| Sector | Not assigned |
All data is based on The CMS’s Law GDPR Enforcement Tracker Source: https://www.enforcementtracker.com/