Close this search box.
AI-based solution designed to automate personal data discovery and classification
Discover personal data across multiple systems in the cloud or on-premise
Harbor cooperation between DPO, Legal Services, IT and Marketing
Turn data subject request into an automated workflow with a clear insight into data every step of the way
Collaborate with stakeholders and manage DPIA and LIA in real-time with Assessment Automation
Guide your partners trough vendor management process workflow
Identifying the risk from the point of view of Data Subject
Quickly respond, mitigate damage and maintain compliance
Consolidate your data and prioritize your relationship with customers
Privacy portal allows customers to communicate their requests and preferences at any time
Introducing end-to end automation of personal data removal

Latest Blog posts

Learn the terms

General Data Protection Regulation

Here you can find the official content of the Regulation (EU) 2016/679 (General Data Protection Regulation) in the current version. All Articles of the GDPR are linked with suitable recitals.

Latest papers

GDPR fine: AEDP issues €3M fine to Caixabank Spain

GDPR fine AEDP issues €3M fine to Caixabank Spain

On 21 October 2021, the Spanish data protection authority (AEPD) issued a decision to fine Caixabank Payments & Consumer EFC, EP, S.A.U., €3 million for unlawful processing of personal data and violation of Article 6 of the General Data Protection Regulation (GDPR).

Following the complaint from the individual, AEPD conducted an investigation against Caixabank back in 2019.

The investigation uncovered that Cixabank requested information about the individual from the solvency file, even though the individual had no ongoing contracts with the bank.

The individual was also included in the bank’s marketing campaigns for a pre-granted credit, without proper consent and without providing adequate information about the data processing, including profiling, or the legal basis used to carry out such processing.

Moreover, all this happened even though the relationship with the former client was formally ended in 2014 with the termination of all existing contracts.

The Caixabank stated that the personal data of the individual was included in a campaign of pre-granted credits by mistake.


The AEPD concluded that there were some aggravating factors when deciding the value of the fine, including the volume of business of Caixabank, the status of a large entity, the demonstrated negligence, the nature, severity, and duration of the offense among other factors.

In addition to the steep €3 million fine, the AEPD also imposed a six-month compliance period on Caixabank to adapt their procedures for consent collection for commercial purposes.

Request a Data Privacy Manager demo

Let us navigate you through the Data Privacy Manager solution and showcase functionalities that will help you overcome your compliance challenges.

Scroll to Top