HOLY MARY CATHOLIC SCHOOL, S.L. – €12,000 Fine (Spain, 2026)

€12,000Agencia Española de Protección de Datos1 March 2026Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Holy Mary Catholic School in Spain was fined €12,000 for not using Google Workspace for Education properly. They didn't ensure that students could only access necessary tools and failed to inform students and parents adequately. This case highlights the importance of proper data handling in educational settings.

What happened

Holy Mary Catholic School used Google Workspace for Education but failed to implement it correctly.

Who was affected

Students and their parents at Holy Mary Catholic School were affected by the inadequate data handling.

What the authority found

The Spanish DPA ruled that the school did not implement necessary safeguards and failed to inform users properly, violating GDPR requirements.

Why this matters

This ruling emphasizes that educational institutions must take data protection seriously. Schools using online tools should ensure they have proper controls and communication in place.

GDPR Articles Cited

AI-verified

Art. 35(GDPR)
Art. 5(1)(a) GDPR
Art. 6(1) GDPR
View original scraped data
Art. 5(1) a) GDPR
Art. 6(1) GDPR
Art. 35(GDPR)

Original data from scraper before AI verification against source document.

Source verified 23 April 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll HOLY MARY CATHOLIC SCHOOL, S.L. actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine of EUR 12,000 on the HOLY MARY CATHOLIC SCHOOL, S.L. The controller, an educational institute, used Google Workspace for Education within its school environment. While the use of the tool may be justifiable under the GDPR, the controller failed to implement it adequately. The controller was unable to ensure that pupils only had access to the tools necessary for study purposes. The controller also failed to adequately inform data subjects and their parents, and to carry out a sufficient DPIA. The original fine of EUR 20,000 was reduced to EUR 12,000 due to immediate payment and admission of responsibility by the controller.

Related Enforcement Actions (0)

No other enforcement actions found for HOLY MARY CATHOLIC SCHOOL, S.L. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

1 March 2026

Authority

Agencia Española de Protección de Datos

Fine Amount

€12,000

Enforcement Tracker ID

ETid-3094

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. HOLY MARY CATHOLIC SCHOOL, S.L. - Spain (2026). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: