Following a complaint from a customer of the same company, the Spanish data protection authority (AEPD) published its decision in Proceeding No. PS-00183-2022, in which it imposed a fine of €25,000 on CaixaBank, S.A. for a violation of Article 16 of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).
📌 Background
The AEPD specifically underlined that the complaint had claimed that CaixaBank had failed to respond to their personal data rectification request in a timely and acceptable manner. Furthermore, the AEPD added that the complainant claimed CaixaBank had not corrected their address, which was visible on CaixaBank’s home banking web platform.
📌The AEPD’s findings
Following its inquiry, the AEPD determined that CaixaBank had violated Article 16 of the GDPR by failing to change the complainant’s address and rejecting several rectification requests.
The Spanish data protection authority (AEPD) published its decision in Proceeding No. PS-00183-2022, in which it imposed a fine of €25,000 on CaixaBank, S.A. for a violation of Article 16 of the General Data Protection Regulation (Regulation (EU) 2016/679) (GDPR).
📌 Outcomes
The Spanish Data Protection Authority (AEPD) imposed a fine of EUR 25,000 on Caixa Bank S.A. for a violation of Article 16 of the GDPR following a complaint by a customer of the same company. The sanction resulted from the failure of the company to update the complainant’s address, ignoring the multiple rectification requests sent by the same
As a result, the AEPD fined CaixaBank €25,000 for violating Article 16 of the GDPR.
The judgment, which is only available in Spanish, can be found here.
🗣 Latest update
The AEPD rejects Caixabank’s appeal. On 3 November 2022, the AEPD issued its judgment dismissing CaixaBank’s appeal of the AEPD’s decision in Proceeding No. PS-00183-2022.
The ruling, which is only available in Spanish, can be seen here.
