AEPD (Spain) - TD/00325/2019: Difference between revisions
No edit summary |
No edit summary |
||
Line 1: | Line 1: | ||
{| class="wikitable" style="width: 25%; margin-left: 10px; float:right;" | {| class="wikitable" style="width: 25%; margin-left: 10px; float:right;" | ||
! colspan="2" |AEPD - TD/ | ! colspan="2" |AEPD - TD/00325/2019 | ||
|- | |- | ||
| colspan="2" style="padding: 20px; background-color:#ffffff;" |[[File:logoES.jpg|center|250px]] | | colspan="2" style="padding: 20px; background-color:#ffffff;" |[[File:logoES.jpg|center|250px]] | ||
Line 10: | Line 10: | ||
[[Category: Spain]] | [[Category: Spain]] | ||
|- | |- | ||
|Relevant Law:||[[Article 15 GDPR]] | |Relevant Law:||[[Article 12 GDPR]] | ||
[[Category:Article | [[Category:Article 12 GDPR]] | ||
[[Article 15 GDPR]][[Category:Article 15 GDPR]] | |||
[[Article 56 GDPR#2|Article 56(2) GDPR]] [[Category:Article 56(2) GDPR]] | |||
[[Article 57 GDPR#1f|Article 57(1)(f) GDPR]] | |||
[[Category:Article 57(1)(f) GDPR]] | |||
|- | |- | ||
|Type:||Complaint | |Type:||Complaint | ||
Line 17: | Line 24: | ||
|Outcome:||Upheld | |Outcome:||Upheld | ||
|- | |- | ||
|Decided:|| | |Decided:||n/a | ||
|- | |- | ||
|Published:|| | |Published:|| 3.02.2020 | ||
[[Category:2020]] | |||
|- | |- | ||
|Fine:||None | |Fine:||None | ||
|- | |- | ||
|Parties:|| | |Parties:||%Helath department of Madrid Vs. Anonymous | ||
|- | |- | ||
|National Case Number:||TD/ | |National Case Number:||TD/00325/2019 | ||
|- | |- | ||
|European Case Law Identifier | |European Case Law Identifier |
Revision as of 09:37, 6 February 2020
AEPD - TD/00325/2019 | |
---|---|
Authority: | AEPD (Spain) |
Jurisdiction: | Spain |
Relevant Law: | Article 12 GDPR |
Type: | Complaint |
Outcome: | Upheld |
Decided: | n/a |
Published: | 3.02.2020 |
Fine: | None |
Parties: | %Helath department of Madrid Vs. Anonymous |
National Case Number: | TD/00325/2019 |
European Case Law Identifier | n/a |
Appeal: | n/a |
Original Language: |
Spanish |
Original Source: | AEPD (in ES) |
The DPA ordered a bank (KUTXABANK S.A.) to respond to a subject access request.
English Summary
Facts
A bank's client complained that they could not exercise their right to access after the bank has blocked his account due to debts. The bank refused to fulfill the request, claiming that it does not process personal data anymore since the account was blocked.
Dispute
Could the controller refuse to answer to a request for access because the requested data is part of a "blocked" account?
Holding
The AEPD found that as there is an ongoing relationship, the bank still holds personal data. The DPA ordered the bank to fulfill the data subject’s request within the ten working days following the decision. It further ordered the company to inform the AEPD during the same time period on its compliance with the decision. Lastly, it decided that the fact that the controller blocked the account cannot is irrelevant and the controller must comply with the request of access, as required by Article 15 GDPR.
Comment
Share your comments here!
Further Resources
Share blogs or news articles here!
English Machine Translation of the Decision
The decision below is a machine translation of the original. Please refer to the Spanish original for more details.
To be completed..