Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD fines BBVA €5M for GDPR information and consent failures

The Spanish data protection authority ('AEPD') issued, on 11 December 2020, a resolution in proceedings PS/00070/2019, fining Banco Bilbao Vizcaya Argentaria, SA ('BBVA') €2 million for a violation of Article 13 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') and €3 million for a violation of Article 6 of the GDPR. In particular, the resolution highlights that, in relation to the first infraction, BBVA used imprecise terminology to define the privacy policy, and provided insufficient information about the category of personal data processed, especially in relation to customer data obtained through products, services, and channels, among others. In addition, the resolution provides that, in relation to the second infraction, BBVA failed to obtain consent before the sending of promotional SMS messages to a customer and did not have in place a specific mechanism for consent to be obtained by customers and account managers.

You can read the resolution, only available in Spanish, here.