ENDESA

€60K ($65K USD) final

Date Issued

1970-01-01

Regulation

Authority

Spanish Data Protection Authority (AEPD)

Country

Spain

Violation Type

Non-compliance with lawful basis for data processing

Currency

EUR

Violation Summary

ENDESA erroneously charged the claimant’s bank account, as the beneficiary of the energy supply company’s services was a third party. Upon request of the claimant that her data be deleted, ENDESA handled the data improperly and mistakenly sent it to the third party. Therefore, the AEPD considered that ENDESA had breached the confidentiality principle. It’s worth noting that the third party had been given a 2-year restraining order regarding the data subject.

Articles Violated

Art. 5 (1) f) GDPR

Other Fines for ENDESA

| Date | Regulation | Amount (USD) | Type |
| --- | --- | --- | --- |
| -- | GDPR | $64,800 | Non-compliance with lawful basis for data processing |