ORANGE BANK, S.A. SUCURSAL EN ESPAÑA – €200,000 Fine (Spain, 2025)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Orange Bank in Spain was fined €200,000 for not protecting customer data properly. The bank failed to ensure that it had the right security measures in place, which led to a data leak. This case highlights the importance of strong data protection practices for companies handling large amounts of personal information.
What happened
Orange Bank did not implement necessary security measures to protect personal data, resulting in a data leak.
Who was affected
Customers of Orange Bank whose personal data was compromised in the leak.
What the authority found
The Spanish DPA found that Orange Bank violated GDPR by not ensuring adequate technical and organizational measures for data protection.
Why this matters
This ruling emphasizes that companies must take data security seriously, especially when handling large volumes of personal data. Other businesses should review their data protection practices to avoid similar penalties.
GDPR Articles Cited
View original scraped data
Original data from scraper before AI verification against source document.
The Spanish DPA (AEPD) has imposed a fine of EUR 200,000 on ORANGE BANK, S.A. SUCURSAL EN ESPAÑA. The AEPD reacted to multiple complaints of private individuals regarding a data leak. ORANGE BANK (the controller) used a data processor for the processing of personal data. ORANGE BANK was unable to ensure that necessary technical and organizational measures had been taken, resulting in the infringement of Art. 5 (1) f) GDPR. Additionally, the AEPD decided that the present infringement is particularly serious, due to the fact, that ORANGE BANK processes large amounts of data resulting in an increased demand towards the internal processes regarding data protection and security. Lastly the AEPD ordered ORANGE BANK to bring their processes into compliance with the GDPR within 6 months after the decision becomes final and enforceable.
Related Enforcement Actions (0)
No other enforcement actions found for ORANGE BANK, S.A. SUCURSAL EN ESPAÑA in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
14 February 2025
Authority
Agencia Española de Protección de Datos
Fine Amount
€200,000
Enforcement Tracker ID
ETid-2585
About this data
Cite as: Cookie Fines. ORANGE BANK, S.A. SUCURSAL EN ESPAÑA - Spain (2025). Retrieved from cookiefines.eu
Last updated: