Spanish Data Protection Authority (AEPD)

In a cautionary decision for companies handling personal data, the Spanish Data Protection Authority (AEPD) issued a substantial fine to a telecommunications distributor following a significant data breach. In April 2021, the company at the center of the case had been targeted by a ransomware attack using Babuk malware, which encrypted files and interrupted operations. When the company refused to pay the ransom, cybercriminals published the personal data of around 13 million individuals on the dark web, exposing affected users to serious risks of fraud and identity theft.Continue Reading When Data Breaches Cost Twice – AEPD’s Landmark Fine Shows That Being the Victim of a Cyberattack Doesn’t Excuse GDPR Failures

In February 2023, Spain implemented Directive (EU) 2019/1937 (although it did not become fully applicable until December of that year) by means of Law 2/2023, of February 20, 2023, regulating the protection of persons who report regulatory violations and the fight against corruption (the “Law”). The Law, which requires all public and private organizations (with more than 50 employees or simply operating in certain sectors, even if they have fewer employees) to implement a whistleblowing system, has raised some doubts from a data protection perspective.Continue Reading Never Beyond the Law – the Spanish AEPD’s Position on the Processing of Whistleblower Data

The Spanish antitrust regulator, the Comisión Nacional de los Mercados y de la Competencia (CNMC), has joined the proposed “State Pact” for protecting Spanish children from harmful content online and in social media. The CNMC joins the Spanish Data Protection Authority and Attorney General’s Office, as well as civil society and UN bodies, in supporting the proposal to develop long-term approaches to online safety.  Continue Reading The Spanish Antitrust Authority (CNMC) Follows the Spanish Data Protection Authority (AEPD) and Joins Forces with Other National and International Institutions to Protect Minors on the Internet and in Social Networks