CYNGASA, S.L. – €5,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
CYNGASA, S.L. was fined EUR 5,000 for sharing a person's personal data with another company without permission. The shared data included sensitive information like the person's social security number. This case is important because it shows that companies must get consent before sharing personal data with others.
What happened
CYNGASA, S.L. shared a person's personal data, including their social security number, with a third party without consent.
Who was affected
The individual whose personal data, including their social security number, was shared without their consent.
What the authority found
The Spanish DPA fined CYNGASA, S.L. for sharing personal data without a valid legal basis, violating GDPR's consent requirements.
Why this matters
This ruling highlights the necessity for companies to obtain clear consent before sharing personal data with third parties. It serves as a reminder to review data-sharing practices to ensure compliance with privacy laws.
GDPR Articles Cited
The Spanish DPA (AEPD) has imposed a fine of EUR 5,000 on CYNGASA, S.L.. The data subject, when requesting a work report, discovered that the controller had disclosed his personal data to a third party company without his consent. The data involved included among others first and last name as well as his social security number.
Related Enforcement Actions (0)
No other enforcement actions found for CYNGASA, S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
29 September 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€5,000
Enforcement Tracker ID
ETid-855
About this data
Cite as: Cookie Fines. CYNGASA, S.L. - Spain (2021). Retrieved from cookiefines.eu
Last updated: