NBQ Technology, S.A.U. – €24,000 Fine (Spain, 2021)

€24,000Agencia Española de Protección de Datos7 December 2021Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

NBQ Technology was fined €24,000 after approving a loan application made by an identity thief using someone else's data. The Spanish data protection authority found that the company didn't have a legal basis for processing the stolen data. This case highlights the risks of identity theft and the need for companies to verify identities before processing personal data.

What happened

NBQ Technology processed a loan application using data obtained by an identity thief.

Who was affected

The person whose identity was stolen and used to apply for a loan without their knowledge.

What the authority found

The Spanish DPA fined NBQ Technology for processing personal data without a valid legal basis, as required by GDPR.

Why this matters

This ruling highlights the importance of verifying customer identities to prevent identity theft and unauthorized data processing. Companies should strengthen their identity verification processes to comply with data protection laws.

GDPR Articles Cited

Art. 6(1) GDPR
Spain enforcementAgencia Española de Protección de Datos actionsAll NBQ Technology, S.A.U. actions
Full Legal Summary
Detailed

The Spanish DPA (AEPD) has fined NBQ Technology, S.A.U.. A data subject filed a complaint with the DPA against the company after they had denied him a financial transaction due to alleged outstanding payments on a loan. As it turned out, an identity thief had obtained the data subject's data without authorization and applied for a loan from the data controller under pretense of the data subject's identity. The controller then approved the loan. Since the data processed in the course of granting the loan did not belong to the borrower but to the data subject, the AEPD found that the controller had no legal basis for processing the data. The processing was therefore unlawful and a breach of Art. 6 (1) GDPR was affirmed. The original fine of EUR 40,000 was reduced to EUR 24,000 due to the immediate payment and the admission of guilt.

Related Enforcement Actions (1)

Other enforcement actions involving NBQ Technology, S.A.U. in ES

Fine
Mar 2021· Agencia Española de Protección de Datos

The Spanish DPA (AEPD) has fined NBQ Technology, S.A.U. EUR 20,000. An identity thief had obtained the data of a third party without authorization and...

€12K
Current
Dec 2021

Fine

€24K

Details

Fine Date

7 December 2021

Authority

Agencia Española de Protección de Datos

Fine Amount

€24,000

Enforcement Tracker ID

ETid-945

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. NBQ Technology, S.A.U. - Spain (2021). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: