Vodafone España, S.A.U. – €21,000 Fine (Spain, 2019)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
Vodafone España was fined €21,000 for keeping and using a customer's personal data long after their contract ended. This is important because it shows companies must delete personal data when it's no longer needed.
What happened
Vodafone España processed a former customer's personal data years after their contract had ended.
Who was affected
The former customer whose personal data, including bank details and identification number, was kept by Vodafone España.
What the authority found
The Agencia Española de Protección de Datos fined Vodafone España for processing personal data without a valid legal basis after the contractual relationship had ended.
Why this matters
This case emphasizes that companies must not retain personal data longer than necessary. It sets a precedent that businesses should regularly review and delete outdated customer information.
GDPR Articles Cited
Vodafone had processed personal data of the claimant (bank details, name, surname and national identification number) years after the contractual relationsid had ended. The fine of EUR 35.000 was reduced to EUR 21.000.
Related Enforcement Actions (20)
Other enforcement actions involving Vodafone España, S.A.U. in ES
Fine
€21K
Details
Fine Date
1 January 2019
Authority
Agencia Española de Protección de Datos
Fine Amount
€21,000
Enforcement Tracker ID
ETid-130
About this data
Cite as: Cookie Fines. Vodafone España, S.A.U. - Spain (2019). Retrieved from cookiefines.eu
Last updated: