GDPRFinance

CaixaBank

€6,000,000

Authority

AEPD

Country

Spain

Date Issued

January 13, 2021

Industry

Finance

Summary

CaixaBank was fined €6 million by the AEPD for processing customer data for commercial purposes without obtaining valid consent following its merger with Bankia. The company unlawfully used customer information for marketing and other commercial activities without establishing a proper legal basis.

Violation Types

ConsentData ProcessingLegal Basis

Articles Violated

Art. 6 GDPRArt. 7 GDPR

View original enforcement decision

Related Enforcement Actions

Meta Platforms Ireland

DPC · GDPR · May 22, 2023

€1.2B

Amazon Europe Core

CNPD · GDPR · July 16, 2021

€746M

X Corp

DPC · GDPR · December 1, 2023

€550M

Meta Platforms Ireland

DPC · GDPR · September 5, 2022

€405M

Meta Platforms Ireland

DPC · GDPR · January 4, 2023

€390M

Avoid enforcement risk with automated compliance

IQWorks helps organizations automate GDPR compliance before regulators come knocking.

Talk to an Expert