Data protection: Million dollar fines imposed by the AEPD

A few weeks ago, the Spanish Data Protection Agency (AEPD) imposed the highest sanction ever recorded (two fines totaling 5 million euros) for violations of the General Data Protection Regulation (RGPD).

The sanctioning procedure was opened in response to complaints from individuals who reported having received commercial communications via SMS without having given consent without respecting data protection.

The AEPD agrees with the complainants and concludes that there was no consent to send any promotional campaign. Moreover, apparently, the entity did not use the appropriate terminology to define its privacy policy.

In the month of January we also knew of another sentence, in this second case, individuals were obliged to accept the new conditions regarding the protection of personal data, which consisted of the transfer of their personal data to all companies of the group. The AEPD concluded that it had been incurred in two ways:

  • Violation of the principle of transparency due to a lack of information to customers on data protection.
  • Illegal data processing and invalidity of the mechanisms for obtaining consent.

Even though it is a very complex issue, at Peris we make a significant effort to comply with data protection regulations, which today is fundamental when it comes to dealing with clients. These types of resolutions help us to review, learn and keep up to date with regard to data protection and compliance with the RGPD.