BANCO BILBAO VIZCAYA ARGENTARIA, S.A. – €800,000 Fine (Spain, 2023)

€800,000Agencia Española de Protección de Datos20 October 2023Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Banco Bilbao Vizcaya Argentaria, S.A. was fined €800,000 because they failed to block a customer's banking products after she lost her handbag. This allowed unauthorized people to access her account and transfer money. The case highlights the importance of companies taking proper security measures to protect customer data.

What happened

Banco Bilbao Vizcaya Argentaria, S.A. failed to block a customer's banking products after she reported losing her handbag.

Who was affected

The customer whose handbag was lost and whose banking products were accessed by unauthorized individuals.

What the authority found

The Spanish DPA found that the bank did not implement adequate security measures to protect personal data.

Why this matters

This case shows that companies can face significant fines for not securing customer information properly. It serves as a reminder for businesses to prioritize data protection to avoid similar penalties.

GDPR Articles Cited

AI-verified

Art. 25 GDPR
Art. 32 GDPR
View original scraped data
Art. 25 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
amount discrepancy
Spain enforcementAgencia Española de Protección de Datos actionsAll BANCO BILBAO VIZCAYA ARGENTARIA, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has fined BANCO BILBAO VIZCAYA ARGENTARIA, S.A. EUR 800,000. A customer had lost her handbag, which also contained her bank card. The individual therefore requested the controller to block all banking products. However, the controller failed to comply, which is why it was then possible for third parties to access the individual's bank products and transfer money under false identities. During its investigation, the DPA found that the controller had failed to implement appropriate technical and organizational measures to prevent such a case and protect personal data.

Related Enforcement Actions (2)

Other enforcement actions involving BANCO BILBAO VIZCAYA ARGENTARIA, S.A. in ES

Fine
Jul 2021· Agencia Española de Protección de Datos

On 13 November 2022, a data subject filed a complaint with the Spanish DPA (AEPD) against Banco Bilbao Vizcaya Argentaria, S.A. (the controller). The ...

€120K
Fine
Apr 2023· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on BANCO BILBAO VIZCAYA ARGENTARIA, S.A.. During its investigation, the DPA found that the controller had registere...

€84K
Current
Oct 2023

Fine

€800K

Details

Fine Date

20 October 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€800,000

Enforcement Tracker ID

ETid-2091

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. BANCO BILBAO VIZCAYA ARGENTARIA, S.A. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: