Marbella Resorts S.L. – €4,200 Fine (Spain, 2021)

€4,200Agencia Española de Protección de Datos6 July 2021Spain
reduced
Fine

The Spanish DPA fined Marbella Resorts EUR 4,200 for mishandling a guest's personal data. A concierge copied a guest's data without authorization, which later appeared on an adult website. This case highlights the need for strict data handling procedures in businesses to prevent unauthorized access and data breaches.

What happened

A concierge at Marbella Resorts copied a guest's personal data without authorization, leading to its online exposure.

Who was affected

A hotel guest whose personal data was improperly copied and exposed online.

What the authority found

The Spanish DPA found Marbella Resorts failed to properly manage customer data, violating GDPR's data handling requirements.

Why this matters

This ruling stresses the importance of training staff and implementing strict data management protocols to prevent unauthorized data access. Businesses must ensure that only authorized personnel handle personal data to avoid breaches.

GDPR Articles Cited

Art. 28(3) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll Marbella Resorts S.L. actions
Full Legal Summary
Detailed

The case involves unauthorized data handling by a concierge, unrelated to cookies or consent mechanisms.

Violations (1)

Misleading Banner Messaging
critical

The cookie banner uses misleading language to trick or pressure users into accepting cookies (dark patterns).

Art. 7 GDPR

Related Enforcement Actions (0)

No other enforcement actions found for Marbella Resorts S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Similar Cases

Enforcement actions with similar violations

Website operator

2023 · Agencia Española de Protección de Datos

€1K

Pagamastarde S.L.

2021 · Agencia Española de Protección de Datos

€3K

BANKIA, S.A.

2021 · Agencia Española de Protección de Datos

€50K

UNIVERSIDAD A DISTANCIA DE MADRID, S.A.

2021 · Agencia Española de Protección de Datos

€3K

GOOGLE LLC

2025 · Commission Nationale de l'Informatique et des Libertés

€200.0M

Details

Fine Date

6 July 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€4,200

Enforcement Tracker ID

ETid-762

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Marbella Resorts S.L. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: