CaixaBank, S.A. – €25,000 Fine (Spain, 2023)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
CaixaBank, S.A. was fined EUR 25,000 for not protecting personal data properly. A person complained because they received information from a third party instead of what they requested. This case highlights the importance of having strong security measures to protect customer information.
What happened
CaixaBank failed to provide requested personal information and instead shared data from a third party.
Who was affected
Individuals who requested their personal information from CaixaBank.
What the authority found
The Spanish DPA found that CaixaBank did not implement adequate technical and organizational measures to protect personal data.
Why this matters
This fine shows that companies must take data protection seriously and ensure they have proper security measures in place. Small businesses should review their data handling practices to avoid similar issues.
GDPR Articles Cited
The Spanish DPA has imposed a fine of EUR 25,000 on CaixaBank, S.A.. An individual had filed a complaint with the DPA due to the fact that when they requested information from the controller, they received information from a third party and not the requested information. The DPA found that the controller had failed to implement adequate technical and organizational measures to protect personal data.
Related Enforcement Actions (0)
No other enforcement actions found for CaixaBank, S.A. in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
4 July 2023
Authority
Agencia Española de Protección de Datos
Fine Amount
€25,000
Enforcement Tracker ID
ETid-1953
About this data
Cite as: Cookie Fines. CaixaBank, S.A. - Spain (2023). Retrieved from cookiefines.eu
Last updated: