Spain: Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022

UniConsent

3 min read
Table of contents

Spanish DPA AEPD issues several fines for GDPR violations during June and July 2022.

Spanish DPA AEPD issues several fines for GDPR during June and July 2022Spanish DPA AEPD issues several fines for GDPR during June and July 2022

AEPD fines an individual €300 for a violation of GDPR following a complaint on 1 June 2022

AEPD found that the video surveillance constituted a violation of the data minimisation principle according to Article 5(1)(c) of the GDPR.

The video surveillance system was oriented toward public roads and private areas without any justified cause, harming all affected parties.

On 9 June 2022, AEPD fines an individual €600 for a violation of GDPR following a complaint for having a poorly oriented dome-type camera.

Cameras must be oriented towards the particular space, avoiding intimidating adjoining neighbours with this type of device, as well as surveilling transit areas without just cause.

AEPD fines BBVA €80,000 for confidentiality and security violations on 16 June 2022

16 June 2022, AEPD imposed a fine of €80,000 on Banco Bilbao Vizcaya Argentaria, S.A. ('BBVA') for a violation of GDPR following a complaint submitted by an individual.

The AEPD stated that the complainant's data stored in BBVA's database had been disclosed to a third party when it should have been deleted or anonymised.

The data controller BBVA had failed to take adequate technical and organisational measures to prevent the disclosure of personal data to unauthorised third parties.

AEPD fines Comercializadora Regulada €100,000 for data inaccuracy on 8 July 2022

AEPD imposed a fine of €100,000 on Comercializadora Regulada Gas & Power, S.A. for a violation of GDPR following a complaint on 8 July 2022.

Comercializadora Regulada Gas & Power had sent the complainant's electricity supply contract containing the complainant's personal data to the complainant's old address, but a person had been living at the complainant's old address gained access to the complainant's new address.

Spain: AEPD fines DKV Seguros y Reaseguros €220,000 for violations of confidentiality and security

AEPD imposed a fine of €220,000 on DKV Seguros y Reaseguros, Sociedad Anónima Española for violations of GDPR following a complaint submitted by an individual on 13 July 2022.

The complainant had received 51 emails with medical clearances of unknown individuals from the health insurance company DKV Seguros y Reaseguros, including the individuals' personal data such as names, surnames, and test data, from 16 April 2020 to 9 March 2021 although the complainant had repeatedly brought the situation to the attention of DKV Seguros y Reaseguros.

DKV Seguros y Reaseguros' technical and organisational security measures were not adequate, taking into consideration that the data in question was sensitive.

About UniConsent

UniConsent is a part of Transfon User Experience Platform that serve tens of millions of users per day to provide a seamless experience for both users and publishers in the age of post-GDPR. Contact us to know more: hello@uniconsent.com

Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc

Sign up

Get started to make your website and application compliant for EU GDPR, US CPRA, CA PIPEDA etc

Sign up