Spain
ENDESA (energy supplyer)
60,000 €
GDPR enforcement action by Spanish Data Protection Authority (aepd) on Unknown.
Rank · Sector
#74
of 165 in Transportation and Energy
Rank · Spain
#167
of 1,071
Rank · All fines
#615
of 3,042
Case details
- Authority
- Spanish Data Protection Authority (aepd)
- Date
- Unknown
- Controller / Processor
- ENDESA (energy supplyer)
- Sector
- Transportation and Energy
- Quoted Articles
- Art. 5 (1) f) GDPR
- Type of violation
- Insufficient legal basis for data processing
Summary
The complainant's bank account was charged by ENDESA, the beneficiary of which was a third party, who had been convicted under criminal law and imposed with a two-year restraining order regarding the claimant, her domicile and work. Instead amending the contract details as requested by the claimant ENDESA deleted her data erroneously and fillid in the data of the third party. The AEPD found the disclosure of the claimant's data to the third party was a severe violation of the principle of confidentiality.
Open original source
Links to the regulator's original publication or another source.
Related fines
Spain
2025-11-06
10,043,002 €
ETid-2962
Aena, S.M.E., S.A.
Transportation and Energy
Spain
2022-05-18
10,000,000 €
ETid-1176
Google LLC
Media, Telecoms and Broadcasting
Spain
2021-03-11
8,150,000 €
ETid-594
Vodafone España, S.A.U.
Media, Telecoms and Broadcasting
Spain
2023-12-27
6,500,000 €
ETid-2532
THE PHONE HOUSE SPAIN, S.L.
Media, Telecoms and Broadcasting
Spain
2023-10-25
6,100,000 €
ETid-2220
ENDESA ENERGÍA, S.A.U.
Transportation and Energy
Spain
2020-12-11
5,000,000 €
ETid-481
Banco Bilbao Vizcaya Argentaria, S.A.
Finance, Insurance and Consulting