Owner of a Pharmacy Office – €6,600 Fine (Spain, 2025)

€6,600Agencia Española de Protección de Datos8 May 2025Spain
reduced
Fine

General GDPR enforcement action

This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.

A pharmacy owner in Spain was fined for processing personal data of residents in geriatric centers without proper legal grounds. This case matters because it shows the importance of having clear consent and secure data handling practices. Small business owners should ensure they have the right permissions before using personal data.

What happened

The Spanish data protection authority fined the pharmacy owner for processing data without sufficient legal basis and failing to inform individuals about it.

Who was affected

Residents of geriatric centers whose personal data was processed by the pharmacy without their knowledge.

What the authority found

The authority found that the pharmacy owner violated data protection rules by not having a valid legal basis for processing personal data.

Why this matters

This case highlights the need for businesses to understand their responsibilities regarding personal data. It serves as a reminder that failing to secure consent or inform users can lead to significant fines.

GDPR Articles Cited

AI-verified

Art. 14(GDPR)
Art. 32(GDPR)
Art. 6(1) GDPR
View original scraped data
Art. 6(1) GDPR
Art. 14(GDPR)
Art. 32(GDPR)

Original data from scraper before AI verification against source document.

Source verified 14 March 2026
articles corrected
national law identified
Spain enforcementAgencia Española de Protección de Datos actionsAll Owner of a Pharmacy Office actions
Full Legal Summary
Detailed

The Spanish DPA has imposed a fine on the owner of a pharmacy office. The controller processed data of residents of geriatric centers without a sufficient legal basis. The controller also failed to inform the data subjects about the fact, that the controller processed their data and that they obtained the data from a third party. Lastly, the controller failed to use encrypted email services. Due to acknowledgment and immediate payment, the fine had been reduced to EUR 6,600. The original fine of EUR 11,000 was reduced to EUR 6,600 due to immediate payment and admission of responsibility by the controller.

Related Enforcement Actions (1)

Other enforcement actions involving Owner of a Pharmacy Office in ES

Current
May 2025

Fine

€7K

Fine
May 2025· Agencia Española de Protección de Datos

The Spanish DPA has imposed a fine on the owner of a pharmacy office. The controller processed data of residents of two geriatric centers without a su...

€7K

Details

Fine Date

8 May 2025

Authority

Agencia Española de Protección de Datos

Fine Amount

€6,600

Enforcement Tracker ID

ETid-2639

Sources

About this data

Data: CMS GDPR Enforcement Tracker
Licensed under CC BY-NC-SA 4.0
AI-verified and classified

Cite as: Cookie Fines. Owner of a Pharmacy Office - Spain (2025). Retrieved from cookiefines.eu

Report Inaccuracy

Last updated: