NBQ Technology, S.A.U. – €12,000 Fine (Spain, 2021)

€12,000Agencia Española de Protección de Datos12 March 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

NBQ Technology was fined EUR 12,000 by the Spanish data authority for approving a loan using someone else's personal data without permission. This matters because it highlights the importance of verifying identities before processing sensitive information. Businesses should ensure they have a legal basis for using personal data to avoid similar penalties.

What happened

NBQ Technology approved a loan using personal data obtained by an identity thief without proper authorization.

Who was affected

The affected individuals were those whose personal data was used without their knowledge to apply for a loan.

What the authority found

The Spanish data authority found that NBQ Technology lacked a legal basis for processing the personal data, violating GDPR requirements.

Why this matters

This case serves as a reminder for companies to verify the identity of individuals before processing their data, especially in financial transactions. It underscores the need for robust identity verification processes to prevent unauthorized data use.

GDPR Articles Cited

Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll NBQ Technology, S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has fined NBQ Technology, S.A.U. EUR 20,000. An identity thief had obtained the data of a third party without authorization and applied for a microcredit from the controller under pretence of the data subject's identity. The controller then approved the loan. Since the data processed in the course of granting the loan did not belong to the loan recipient, but to the data subject, the AEPD determined that the controller did not have a legal basis for processing the data. The processing was therefore unlawful, and a breach of Art. 6 (1) GDPR was affirmed. The original fine of EUR 20,000 was reduced to EUR 12,000 due to immediate payment and admission of responsibility.

Related Enforcement Actions (1)

Other enforcement actions involving NBQ Technology, S.A.U. in ES

Current
Mar 2021

Fine

€12K

Fine
Dec 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has fined NBQ Technology, S.A.U.. A data subject filed a complaint with the DPA against the company after they had denied him a...

€24K

Details

Fine Date

12 March 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€12,000

Enforcement Tracker ID

ETid-596

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. NBQ Technology, S.A.U. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: