Open Bank, S.A. – €2,500,000 Fine (Spain, 2023)

€2,500,000Agencia Española de Protección de Datos28 July 2023Spain
final
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

Open Bank, S.A. was fined €2.5 million for not providing a secure way for customers to submit sensitive documents. A customer complained after being asked to send proof of payment via email, which is not safe. This case shows that banks must take strong measures to protect personal data.

What happened

The bank was penalized for failing to implement secure methods for customers to submit sensitive information.

Who was affected

Customers of Open Bank, S.A. who were required to provide sensitive documents for compliance checks.

What the authority found

The Spanish Data Protection Authority found that the bank did not take necessary steps to protect personal data, violating GDPR requirements.

Why this matters

This fine underscores the importance of data security in financial institutions. Companies must ensure they have secure processes for handling sensitive customer information.

GDPR Articles Cited

AI-verified

Art. 25 GDPR
Art. 32 GDPR
View original scraped data
Art. 25 GDPR
Art. 32 GDPR

Original data from scraper before AI verification against source document.

Source verified 5 March 2026
verified correct
Spain enforcementAgencia Española de Protección de Datos actionsAll Open Bank, S.A. actions
Full Legal Summary
Detailed

The Spanish DPA has fined Open Bank, S.A. EUR 2,5 million. A data subject had filed a complaint with the DPA after being asked to provide proof of origin for payments on their account to ensure compliance with anti-money laundering regulations. However, the controller did not provide a secure mechanism for submitting this information, but requested the data subject to submit the documents by email. The DPA therefore found that the controller had failed to take appropriate technical and organizational measures to protect personal data, which would have been necessary given the sensitivity of the data concerned.

Related Enforcement Actions (0)

No other enforcement actions found for Open Bank, S.A. in ES

This is the only recorded action for this entity in this jurisdiction.

Details

Fine Date

28 July 2023

Authority

Agencia Española de Protección de Datos

Fine Amount

€2,500,000

Enforcement Tracker ID

ETid-2201

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Open Bank, S.A. - Spain (2023). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: