Company – €1,200 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A Spanish company was fined €1,200 for using personal data in a way that didn't match the original purpose it was collected for. This case matters because it shows that companies must stick to the reasons they say they are collecting data. Small businesses should ensure their data use aligns with their stated purposes to avoid penalties.
What happened
The Spanish DPA fined a company for misusing personal data beyond its original purpose.
Who was affected
Individuals whose personal data was used by the company for a different purpose than initially stated.
What the authority found
The authority determined that the company violated data protection rules by not using personal data as originally intended.
Why this matters
This case serves as a reminder that businesses must be transparent about their data use. Companies should regularly review their data practices to ensure compliance with legal requirements.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA has imposed a fine of EUR 1,200 on a company. The controller used personal data for a purpose, which did not align with the initial purpose. The original fine of EUR 2,000 was reduced to EUR 1,200 due to immediate payment and admission of responsibility by the controller.
Related Enforcement Actions (7)
Other enforcement actions involving Company in ES
Fine
€1K
Details
Fine Date
1 September 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€1,200
Enforcement Tracker ID
ETid-2867
About this data
Cite as: Cookie Fines. Company - Spain (2025). Retrieved from cookiefines.eu
Last updated: