Data protection compliance in Spain: mission impossible?
Spain is well known for having one of the most restrictive data protection regimes in the European Union (“EU”).
It also counts with some of the highest penalties (fines are up to € 600,000 per infringement), and a data protection authority – the Spanish Data Protection Agency (“AEPD”) – with a reputation for being one of the fiercest of the EU. Moreover, the penalties envisaged are not only on paper; they are applied on a regular basis by the AEPD. For instance, in the last years, it has imposed fines of € 450,000, € 900,000 and € 1,400,000.
The mixture of all the above results in a cocktail that is not easy to swallow for companies operating in Spain.
This note aims at helping these companies understand how to meet the Spanish data protection requirements.