Continue reading on DataGuidance with:
Free Member
Limited ArticlesCreate an account to continue accessing select articles, resources, and guidance notes.
Already have an account? Log in
Create an account
Join our community for free to access exclusive whitepapers, reports, and regulatory information.
Spain: AEPD fines BBVA €5M for GDPR information and consent failures
The Spanish data protection authority ('AEPD') issued, on 11 December 2020, a resolution in proceedings PS/00070/2019, fining Banco Bilbao Vizcaya Argentaria, SA ('BBVA') €2 million for a violation of Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and €3 million for a violation of Article 6 of the GDPR. In particular, the resolution highlights that, in relation to the first infraction, BBVA used imprecise terminology to define the privacy policy, and provided insufficient information about the category of personal data processed, especially in relation to customer data obtained through products, services, and channels, among others. In addition, the resolution provides that, in relation to the second infraction, BBVA failed to obtain consent before the sending of promotional SMS messages to a customer and did not have in place a specific mechanism for consent to be obtained by customers and account managers.
You can read the resolution, only available in Spanish, here.
Send us your Feedback!
Please let us know what you think of DataGuidance! It will only take 60 seconds and help us make the site better for you.
