The Spanish Data Protection Agency (“AEPD”) has recently announced a series of Resolutions imposing fines on companies in different sectors, based on the violation of the GDPR and the guiding principles of personal data protection. Resolution No. PS/00104/2020, published on July 10, established a fine of 55 thousand euros to the communication company Xfera Móviles, for violation of the principles of confidentiality and integrality of personal data, in particular to articles 5 and 32 of the GDPR. On the same date, Resolution No. R/00296/2020 imposed a fine in the amount of 5 thousand euros on the company Global Business Travel Spain SLU, for not establishing minimum technical and organizational measures for information security, in accordance with article 32 of the GDPR.
The Spanish Authority also fined the gym Fitness Holiday & Franchising SL, by means of Resolution No. PS/00135/2020, in the amount of 5 thousand euros, for violation of the principle of transparency in contracts with clients, as provided for in article 13 of the GDPR. In addition, Resolution No. PS/00139/2020 established a fine of 12 thousand euros for the telecommunications company Vodafone España, due to the violation of the principle of personal data quality, provided for in article 5 of the GDPR.
Lean more at: Full Resolution No. PS/00104/2020
Full Resolution No. R/00296/2020