KFC RESTAURANTS SPAIN, S.L. – €25,000 Fine (Spain, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
The Spanish data protection authority fined KFC Spain EUR 25,000 for not having a data protection officer and for missing required privacy information on their website. This matters because businesses must appoint a data protection officer and clearly inform users about data practices to comply with GDPR.
What happened
KFC Spain was fined for not appointing a data protection officer and failing to provide complete privacy information on their website.
Who was affected
Website visitors who were not informed about how their personal data was handled by KFC Spain.
What the authority found
The Spanish authority found that KFC Spain violated GDPR by not having a data protection officer and by not providing all necessary privacy information to users.
Why this matters
This case highlights the importance of appointing a data protection officer and ensuring transparency in privacy practices. Businesses should review their compliance with GDPR requirements to avoid similar penalties.
GDPR Articles Cited
The Spanish DPA has fined KFC RESTAURANTS SPAIN, S.L EUR 25,000. During its investigation, the DPA found that the controller had failed to appoint a data protection officer. In addition, the DPA found that the controller did not provide all of the information required under Art. 13 GDPR on its website.
Related Enforcement Actions (0)
No other enforcement actions found for KFC RESTAURANTS SPAIN, S.L. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
20 April 2023
Authority
Agencia Española de Protección de Datos
Fine Amount
€25,000
Enforcement Tracker ID
ETid-1785
About this data
Cite as: Cookie Fines. KFC RESTAURANTS SPAIN, S.L. - Spain (2023). Retrieved from cookiefines.eu
Last updated: