SUMMARY ON DATA PROTECTION FINES Q2 2022. SPAIN.
THE AMOUNT OF FINES RISES
The amount of the fines imposed by the Spanish Data Protection Agency (AEPD) is around 20.5 million euros in the first half of 2022; two-thirds of the total amount of those imposed during the year 2021.
It is worth mentioning the sanction directed at the technological giant Google in May of this year for a value of 10 million. according to the analyzes of experts in the field, the AEPD is focusing on companies with significant market shares in order to execute an exemplification strategy. Through this roadmap, the authority in charge of ensuring data protection aims to increase the awareness of the Spanish business fabric. Fine the leaders to impact the companies in the sector that operate by seeing themselves reflected in them.
CAUSES OF THE MOST COMMON VIOLATIONS
Given this escalation in privacy fines, it is interesting to analyze the reasons that motivate them. There are three main breaches that bring together the more than 20 million euros in fines avobementioned.
At the top we find breaches of the data minimization rule. The volume of non-productive and therefore, unnecessary personal data that companies accumulate is enormous. Hence, data minimization is one of the priorities for regulators. Why store sensitive non-useful data? The solution lies in the elimination or anonymization of this data, thus avoiding its potential exposure or fines for not complying with one of the regulatory pillars.
In second place, with 29%, is the illicit treatment of the interested party’s data, which has a lot to do with non-transparent marketing and advertising practices.
Lastly, it highlights the lack of transparency regarding the processing of the data carried out. In this case, the interested party does not have clear and sufficient information to know the purposes of the treatment and the use of their data.
A TREND THAT IS HERE TO STAY
Given the current context, it is expected that the sanctioning escalation will continue in the coming months. The level of awareness of society and companies does not stop growing, either because of the increasingly large sanctions, or because of the importance that privacy is gaining.
2023 is presented as the year of the fifth anniversary of the entry into force of the GDPR, so data protection authorities are expected to intensify their activity after overcoming 5 years of adaptation.
At Nymiz, we offer our clients remediation measures to avoid this type of sanctions that generate a negative impact on the companies’ cash, as well as on their image and reputation. Anonymizing personal data has never been as simple and fast as with Nymiz.