The Spanish data protection authority is the first in Europe to set up regulations for data protection officer certification schemes. The rules explain in detail what someone will need to demonstrate and do in order to become a DPO in the country.
The French DPA (CNIL) and Spanish DPA (AGDP) have issued two guides for data processors, namely “Règlement européen sur la protection des données: un guide pour accompagner les sous-traitants” and “ Directrices para contratos responsable – encargado” respectively.
Google is pleased to announce that the Spanish Data Protection Agency (“Agencia Española de Protección de Datos” or “AEPD”) has issued a decision confirming that the guarantees established by the contractual commitments provided by Google for the international transfers of data to U.S. connected to its G Suite and Google Cloud Platform (GCP) services are adequate. Therefore, the international transfers to U.S. under such contractual commitments are deemed authorized by the AEPD provided the conditions established by the AEPD’s decision are met.
14 September 2017 The Spanish data protection authority (‘AEPD’) announced, on 11 September 2017, that it had issued a decision in which it fined Facebook, Inc. €1.2 million for serious violations of the Organic Law 15/1999 of 13 December on the Protection of Personal Data (‘the Law’) (‘the Decision’).
Facebook made three serious or very serious privacy violations under Spanish law, the country’s regulator said as it fined the firm $1.44m.
20 July 2017 The Spanish data protection authority announced, on 13 July 2017, that it had instituted a data protection officer certification scheme (‘the Scheme’) in collaboration with the National Accreditation Entity in light of the General Data Protection Regulation (GDPR).
Spain’s Supreme Court has ruled against an appeal by runner Marta Dominguez which claimed that blood-doping tests had violated her right to privacy.
On 11 May 2017 the Spanish data protection authority (AEPD) in association with ISMS Forum Spain, published, a code on data protection best practices in relation to Big Data. It provides an analysis of the current legal framework and of the implications associated with the use of Big Data in light of the General Data Protection Regulation.