Spain is the European country that penalizes the most businesses for violating the GDPR: here’s why

Spain is the European Union country that imposes the most sanctions on businesses for violating the General Data Protection Regulation (GDPR), the EU regulation on this matter. This is shown in data collected by eRadar, an Artificial Intelligence tool that specializes in this type of information, and it coincides with Spanish Data Protection Agency (AEPD) figures.

However, although the number of Spanish businesses failing to comply with data protection regulations is the highest in Europe since their enactment in 2018, the total value of the sanctions is below that of other countries, where fines are heavier because of the size of the company that committed the violation.

So, according to the eRadar tool, which uses Artificial Intelligence to gather this information, Spain has collected 51.3 million euros in sanctions since the entry into force of the GDPR in 2018. Ahead of it are other countries in the European sphere, such as Great Britain (64.8 million euros); Italy, with 105.9 million; France, with 274.9; Luxembourg, with 746.2 million; and Ireland, which topped the ranking due to the presence of major technology firms in the country, reaching 941.2 million euros in sanctions.

Most of the sanctions were imposed last year

Information collected by Artificial Intelligence shows how many businesses have yet to adapt to the GDPR, despite the fact that it has been in effect for five years. Spain is the country that has imposed the most sanctions since 2018: 491, for a total of 51.3 million euros. Over the past year alone, 283 were imposed, more than half of the total.

In 2022, the Spanish Data Protection Agency (AEPD) imposed sanctions with a total value of 23 million euros. Of the total, 178 sanctions were less than 5,000 euros, which shows that most of these relate to misdemeanors, which are often committed by the self-employed and small businesses.

Three out of ten (31.45%) related to the installation of video surveillance cameras in businesses, according to the data provided by the AEPD itself for the year 2022. Behind them come sanctions for data protection breaches in services provided via the Internet and for sending commercial advertising by e-mail or mobile.

Entrepreneurs who install video surveillance cameras in their businesses must report their presence

As the data provided by the AEPD shows, most of the sanctions imposed on Spanish businesses for violating the European Union’s GDPR relate to the installation of video surveillance cameras in their place of business, warehouse or office, especially for violating the obligation to report the cameras' presence or the retention period of the images taken.

The EU General Data Protection Regulation therefore establishes a set of requirements that all businesses must comply with when installing video surveillance cameras, for example, to control the security of their shop windows at night or the possibility of theft during their opening hours.

  • Video surveillance images must be included in the record of data processing activities.
  • The presence of the camera must be reported, as well as the purpose of the recording, with regulatory signage (found on the AEPD website).
  • The consent of the client will not be required to install this type of camera, provided the regulations are followed.
  • Security cameras can only be placed in places determined by law. Their installation in public areas, bathrooms and changing rooms, or any site where privacy is expected, is prohibited, as is placing them on public roads or pointing them at a public street.
  • The retention period for images or recordings is one month. After this period, they must be destroyed unless otherwise required by any authority.
  • Access to images from video surveillance cameras should be limited to those in charge of the business or, if necessary, to the security company personnel in charge of the cameras.

AEPD offers businesses two free tools to avoid sanctions

Although most of the sanctions imposed over the past year on businesses fall within the lightest range, which goes up to only 4,999 euros, the GDPR provides that fines can be up to 20 million in some cases. In this context, entrepreneurs and businesses must take into account all the obligations they must comply with in terms of data protection.

To facilitate this process, the Spanish Data Protection Agency has made available two free tools for freelancers and businesses:

The first is ‘Facilitating GDPR’, which aims to help entrepreneurs and companies that perform low-risk processing of personal data comply with this regulation.

This service is accessible to any company that wants it, but it’s really designed for smaller companies, as those organizations have over four million privately owned files registered, whose managers are SMEs in 90% of cases.

In parallel, the AEPD makes ‘GDPR Report’ available to businesses: a helpline for those responsible for data processing, covering doubts and questions that may arise from the application of the regulations. If a data protection delegate has been appointed, it is they who should carry out the consultations. If this figure is not available, then the entrepreneur must handle it.

Roderick Gilbert
