The Spanish data protection authority ('AEPD') published, on 15 November 2022, its decision in Proceeding No. PS/00634/2021, in which it imposed a fine of €100,000, subsequently reduced to €80,000, on Bankinter, S.A., for violations of Articles 5(1)(f) and 32 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following an individual's complaint. Background to the decision In particular, the AEPD noted that the complainant had access to the data of a third party alongside to their personal data, whilst accessing their monthly statement on Bankinter's website. Moreover, the AEPD highlighted that the incident occurred due to an error in managing the ownership of the
News
Spain: AEPD fines Bankinter €100,000 for violating security obligations
November 17, 2022
Summary
The Spanish Data Protection Authority (AEPD) fined Bankinter, S.A. €100,000, reduced to €80,000 for early payment, for breaching the General Data Protection Regulation (GDPR) Articles 5(1)(f) and 32. The fine was a result of a complaint where a client accessed another person's data due to an account management error. The AEPD determined Bankinter failed to maintain adequate security levels and did not implement necessary measures, considering the infringement's nature, seriousness, duration, and the number of affected parties.