Exemplary sanction to an SME
Exemplary sanction to an SME
The Spanish Data Protection Agency(AEPD), has published the sanctioning procedure PS/00308/2023, with an exemplary sanction against RAMONA FILMS S.L., in the amount of 193,600 euros.
In this case, the investigation was ex officio by the AEPD, since there might be indications of non-compliance and it was considered necessary to analyze the application of data protection regulations in relation to the use of personal data on the websites managed by this entity. data protection regulations in relation to the use of personal data on the web pages managed by this entity.
More specifically, to analyze the possibility that users under the age of fourteen could access the websites, taking into account that the data processed are related to the life and sexual orientation of the users.
Analysis of the infractions committed:
The reasons for imposing this important sanction should be analyzed by all companies and professionals, in order to internally analyze the consequences of not complying with the Data Protection Regulation.
The infringements that motivate this sanction, by the Spanish Data Protection Agency(AEPD), are the following:
Data processors
The contracts signed with the data processors did not comply with the legal requirements of art. 28.3 RGPD. Penalty: 32,000 euros.
Non-existence of a contract with a data processor, in violation of the requirements of art. 28.3 of the RGPD. Penalty: 40,000 euros.
Data Protection Officer
Confusion of the functions and purpose of the figures of the data processor and the Data Protection Officer, in violation of art. 38.6 of the RGPD. Penalty: 12,000 euros.
There is no record of the designation of a Data Protection Delegate, in violation of art. 37 of the RGPD. Penalty: 8,000 euros.
Use of Cookies
The Cookies Policy does not comply with the legal requirements, violating 22.2 of the LSSI. Penalty: 12,000 euros.
Age control
The mechanism for controlling the age of users of the website were not effective, since there are no additional controls to verify age; in addition, it was found that it is possible to circumvent the age declaration mechanism by accessing the content of the website through the informative cookie window. Infringement of art. 32 of the RGPD. Penalty: 48,000 euros.
Obtaining consent
There is processing of special category data, related to sexual orientation, without respecting the provisions of art. 9. 2 a) of the RGPD.
Failure to obtain the consent of users for the processing of their personal data in the web forms, in violation of Article 6.1 of the RGPD. Penalty: 40,000 euros.
Revocation of consent
The revocation of consent to data processing is not contemplated in the privacy policy, in violation of art. 13 of the RGPD. Penalty: 1,600 euros.
Business Adapter® at your service
If you need help, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]