The Spanish data protection authority (AEPD) has published its decision in case number PS-00388-2022, which resulted in a €25,000 fine for CaixaBank, S.A. for breach of the GDPR. It all started with a complaint from one of the bank’s customers.
The complainant claimed that after requesting access to his data, CaixaBank provided him with the personal data of a third party. To make matters worse, the bank had not previously verified the identity of the person to whom the data had been given.
Following an investigation, the AEPD found that CaixaBank had breached Article 32(1) of the GDPR by failing to apply adequate data security measures. This led to the security incident described above.
As a result, AEPD imposed a fine of €25,000 on CaixaBank. This is a reminder to all companies of the importance of applying appropriate security measures and strictly complying with the provisions of the GDPR.