RECENT changes to the Spanish Data Protection Act (Ley de Protección de Datos or “LOPD”) and the ancillary Royal Decree that sets out security measures for personal data, implemented pursuant to EU Regulation 2016/679, has added a new level of complexity to an already intricate law.
Data protection legislation has been around for many years and its main aim has been to ensure that personal data is processed lawfully, fairly and in a transparent manner. Individuals have under these new laws many rights – rights of access to data, to have their data deleted, to be forgotten or the right to withdraw consent – just to name a few.
Ask anyone with a company and they will confirm one thing, it is an absolute minefield.
As a result, companies offering advisory services on implementation and supervision of procedures have flourished. But let’s leave the niceties of the law for another article and offer a glimpse of the horrors of being fined under it:
- €4,000 fine imposed on car rental company Europcar for issuing a contract with incorrect client details
- €15,000 fine issued to a company for revealing excessive data of employees while negotiating work conditions with unions
- €20,000 fine issued to an IT company for sending communications to a mailing list revealing the addresses listed (using cc instead of bcc)
- €60,000 imposed on an advertising company for sending commercial offers to customers whose personal details had been received without authorization and consequently, in breach of data protection laws
- €1,2 million fine given to Facebook for obtaining personal information from their members about creed, gender, ideology as well as browsing data, without clearly informing them of its purpose or use
Larger companies have been getting away with this for years as in practical terms, it does not terribly affect them financially (although reputation may be eroded). It is however the shop owner – and the office above it – that need to spend a good weekend reading about it and seeking professional assistance. Good luck!