Spanish Data Protection Agency

Privacy Commissioner’s Office Publishes an Inspection Report on the Personal Data System of TransUnion

Retrieved on: 
Monday, January 16, 2023
Compliance, Credit, Office of the Privacy Commissioner for Personal Data, TransUnion, Hong Kong Association of Banks, Personal data, Spanish Data Protection Agency, Review, Policy, Information privacy, Social responsibility, Privacy, Code, Technology, Privacy Commissioner, Company, Collection, Online shopping

Date: 20 December 2022

Key Points: 


Date: 20 December 2022

Ironwood Pharmaceuticals to Present at Upcoming Investor Conferences

Retrieved on: 
Friday, February 19, 2021
Health, General Health, Clinical trials, Research, Science, Pharmaceutical, Biotechnology, Articles, Data security, Data protection, Privacy law, Privacy, Information privacy, General Data Protection Regulation, In Europe, Anonymity, Spanish Data Protection Agency, Consent, Personal data

To access the webcasts, please log on to the Ironwood website approximately 15 minutes prior to the start times to ensure adequate time for any software downloads that may be required.

Key Points: 
  • To access the webcasts, please log on to the Ironwood website approximately 15 minutes prior to the start times to ensure adequate time for any software downloads that may be required.
  • A replay of the webcasts will be available on Ironwoods website for 14 days following the conferences.
  • Ironwood Pharmaceuticals (Nasdaq: IRWD) is a GI-focused healthcare company dedicated to creating medicines that make a difference for patients living with GI diseases.
  • Ironwood was founded in 1998 and is headquartered in Boston, Mass.

Spanish Data Protection Authority (AEPD) imposes fine of 6.000.000 EUR on CAIXABANK, S.A.,

Retrieved on: 
Friday, February 19, 2021
Data security, Privacy, Data protection, Privacy law, Information privacy, Information governance, General Data Protection Regulation, In Europe, Anonymity, Spanish Data Protection Agency, Personal data

The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for unlawfully processing clients personal data (4.000.000 EUR) and not providing sufficient information regarding the processing of personal data (2.000.000 EUR).

Key Points: 
  • The Spanish Data Protection Authority (AEPD) imposed a total fine of 6.000.000 EUR on CAIXABANK, S.A., for unlawfully processing clients personal data (4.000.000 EUR) and not providing sufficient information regarding the processing of personal data (2.000.000 EUR).
  • Consequently, the AEPD concluded that CAIXABANK had violated Articles 13 and 14 of the GDPR.
  • Following Article 83 (5) b of the GDPR, a fine of 2.000.000 EUR was imposed.
  • Any questions regarding this press release should be directed to the supervisory authority concerned.

Spanish DPA imposes fine on Telefónica Móviles España

Retrieved on: 
Wednesday, November 25, 2020
Data security, Data protection, Privacy law, Information privacy, Privacy, General Data Protection Regulation, In Europe, Spanish Data Protection Agency

The Spanish Data Protection Authority (AEPD) imposed a fine of 75.000 EUR on Telefnica Mviles Espaa, S.A.U., for unlawfully processing the claimants personal data by charging them several invoices corresponding to a third person.

Key Points: 
  • The Spanish Data Protection Authority (AEPD) imposed a fine of 75.000 EUR on Telefnica Mviles Espaa, S.A.U., for unlawfully processing the claimants personal data by charging them several invoices corresponding to a third person.
  • The claimant, who wasnt a defendants client, contacted the controller in order to try to solve the situation, without success.
  • The AEPD considered that Telefnica Mviles Espaa, S.A.U., violated Article 6(1) of the GDPR, by processing the claimant's personal data without any lawful basis, and consequently fined the controller.
  • For further information, please contact the Spanish DPA: [email protected]

    The press release published here does not constitute official EDPB communication, nor an EDPB endorsement.

Spanish Data Protection Authority (AEPD) imposes fine on company for not complying with advertisement exclusion

Retrieved on: 
Tuesday, August 18, 2020
Data security, Data protection, Privacy, Privacy law, Information governance, General Data Protection Regulation, In Europe, Data protection (privacy) laws in Russia, Spanish Data Protection Agency, Personal data, DPA, Information privacy

The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR on a company for calling the data subject, offering them a deal on hotels, while they were included in an advertisement exclusion system.

Key Points: 
  • The Spanish Data Protection Authority (AEPD) imposed a fine of 1.200 EUR on a company for calling the data subject, offering them a deal on hotels, while they were included in an advertisement exclusion system.
  • By joining this system, the data subject exercised their right to object to processing for marketing purposes under Article 21 GDPR.
  • However, the company did not comply with its obligation of consulting the advertisement exclusion system before making a telephone call with marketing purposes in order to avoid processing their personal data.
  • For further information, please contact the Spanish DPA: [email protected]

    The press release published here does not constitute official EDPB communication, nor an EDPB endorsement.

Spanish Data Protection Authority (AEPD) imposes fine of 70.000 EUR on XFERA MOVILES

Retrieved on: 
Tuesday, August 18, 2020
Privacy law, Data security, Privacy, Information privacy, Data protection, Information governance, General Data Protection Regulation, In Europe, Anonymity, Spanish Data Protection Agency, La Prensa, Personal data

The Spanish Data Protection Authority (AEPD) imposed a fine of 70.000 EUR on XFERA MOVILES for disclosing a customers personal data to a third party.

Key Points: 
  • The Spanish Data Protection Authority (AEPD) imposed a fine of 70.000 EUR on XFERA MOVILES for disclosing a customers personal data to a third party.
  • The AEPD considered that this constitutes a breach of the principle of confidentiality, established in Article 5(1)(f) of the GDPR.
  • For further information, please contact the Spanish DPA: [email protected]

    The press release published here does not constitute official EDPB communication, nor an EDPB endorsement.

  • This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes.

Spanish Data Protection Authority (AEPD) imposes fine of 75.000 EUR on VODAFONE ESPAÑA

Retrieved on: 
Tuesday, August 18, 2020
Data security, Privacy law, Data protection, Information privacy, Privacy, General Data Protection Regulation, In Europe, Companies, Spanish Data Protection Agency, Vodafone

The Spanish Data Protection Authority (AEPD) imposed a fine of 75.000 EUR on VODAFONE ESPAA for processing the claimants telephone number for marketing purposes after they had exercised their right to erasure in 2015, in spite of what the data subject was sent advertising SMS.

Key Points: 
  • The Spanish Data Protection Authority (AEPD) imposed a fine of 75.000 EUR on VODAFONE ESPAA for processing the claimants telephone number for marketing purposes after they had exercised their right to erasure in 2015, in spite of what the data subject was sent advertising SMS.
  • The controller stated that the claimant number, being easy to remember, had been used as a dummy number by its employees.
  • The AEPD considered that VODAFONE ESPAA violated Article 6(1) of the GDPR, by processing the claimant's personal data without any lawful basis.
  • For further information, please contact the Spanish DPA:[email protected]

    The press release published here does not constitute official EDPB communication, nor an EDPB endorsement.

The Spanish Data Protection Authority fined the company Iberdrola for not responding to the request for information with 4,000 euros

Retrieved on: 
Monday, June 22, 2020
Civil procedure, Law, Complaint, Iberdrola, Plaintiff, Spanish Data Protection Agency, Companies, Government

Sanction procedure opened for not responding to the request for information made in order to investigate the facts identified in a complaint.

Key Points: 
  • Sanction procedure opened for not responding to the request for information made in order to investigate the facts identified in a complaint.
  • The complainant requested the exclusion of his data from a debts file -Asnef - by an alleged debt to the energy supply company -Iberdrola-.
  • The complaint was transferred to Iberdrola and it was required to forward to the AEPD the information and documents requested in the letter.
  • This press release was originally published by the national supervisory authority and was published here at the request of the SA for information purposes.

Federprivacy: 2019 Fines Were More Than €400 Million in Europe Because of Data Protection Violations

Retrieved on: 
Monday, January 13, 2020
Data security, Privacy law, Information governance, Law, Data protection, Anti-spam, Spanish Data Protection Agency, Data breach, Data protection (privacy) laws in Russia, Information privacy

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.

Key Points: 
  • The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.
  • The strictesthas been the UK (ICO) with 312,000,000 of sanctions (76% of the total).
  • In these countries, there is a European head office of the majority of foreign corporations that are processing personal data on a massive scale.
  • The most frequently fined violations are: illicit use of personal data (44%), poor security (18%), absent or not adequate information (9%), lack of respect for the right of people involved (13%), and computer accidents or other data breach (9%).

Federprivacy: 2019 Fines Were More Than €400 Million in Europe Because of Data Protection Violations

Retrieved on: 
Monday, January 13, 2020
Data security, Privacy law, Information governance, Law, Data protection, Anti-spam, Spanish Data Protection Agency, Data breach, Data protection (privacy) laws in Russia, Information privacy

The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.

Key Points: 
  • The most active Authority for Data Protection was Italy (GPDP) with 30 actions in 2019, followed by Spain (AEPD) with 28, and Romania (ANSPDCP) with 20.
  • The strictesthas been the UK (ICO) with 312,000,000 of sanctions (76% of the total).
  • In these countries, there is a European head office of the majority of foreign corporations that are processing personal data on a massive scale.
  • The most frequently fined violations are: illicit use of personal data (44%), poor security (18%), absent or not adequate information (9%), lack of respect for the right of people involved (13%), and computer accidents or other data breach (9%).