
The creation of company WhatsApp groups without the employee's consent is legitimised
The AEPD ruled that it is valid to include employees in company WhatsApp groups without the need to obtain their consent.
On 9 January, the AEPD's resolution was published, by virtue of which the inclusion of workers…

First European Data Protection Label approved
Europrivacy has been validated by the European Data Protection Board as the first European certification mechanism for compliance with the European Data Protection Regulation. On 10 October the European Data Protection Board…

Sanctions by the AEPD for the use of WhatsApp in breach of data protection legislation
Recently, the AEPD has imposed sanctions on various data controllers for conduct that has in common the use of WhatsApp with data subjects whose personal data protection rights have been violated.
The Spanish Data Protection…

Regulation (EU) 2019/1150: Transparency and fairness obligations for search engines and online intermediation services
Since 12 July, Regulation (EU) 2019/1150 has been directly applicable in all EU member states and entered into force in July 2019
This regulation aims at a more transparent and fairer digital trading environment between…

The taking of temperature and other health data to be treated by companies in the workplace
In order to guarantee the health of employees and prevent the spread of COVID-19 in work centres, companies have been obliged to take a series of measures that must take into account the applicable regulations on personal…

The protection of personal data in a teleworking situation
Recommendations for companies responsible for processing personal data in the face of the teleworking situation in which their employees are operating during the state of alarm decreed to deal with the COVID-19 health crisis.
As…

The obligation to notify the AEPD of security violations within 72 hours persists during the state of alert
The Spanish Data Protection Agency (AEPD) has stated through a publication in its blog that the suspension of the administrative deadlines established in Royal Decree Law 463/2020 does not affect the obligation to notify…

Data management in the face of coronavirus expansion
Analysis of the Report published by the Spanish Data Protection Agency in view of the exceptional situation caused by the spread of COVID-19
In view of the exceptional situation caused by the expansion of COVID-19…

Latest news in the protection of personal data and guarantee of digital rights
Apart from adapting Spanish legislation to Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on…