AEPD (Spain) - PS/00257/2020

From GDPRhub
Revision as of 16:47, 15 January 2021 by Papasla (talk | contribs)
AEPD - PS/00257/2020
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 37 GDPR
LOPDGDD
Type: Investigation
Outcome: Violation Found
Started:
Decided:
Published: 11.01.2021
Fine: None
Parties: Ayuntamiento de Arroyomolinos
National Case Number/Name: PS/00257/2020
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEPD (in ES)
Initial Contributor: n/a

The Spanish DPA (AEPD) issued a reprimand to the Spanish municipality Ayuntamiento de Arroyomolinos for lacking a DPO for more than two years after the entry into force of the GDPR.

English Summary

Facts

Ayuntamiento de Arroyomolinos was found lacking a DPO. The defendant has provided the measures it has in the meantime adopted: with a service contract from 28.09.2020 a DPO has been appointed.


Dispute

Was this municipality under the obligation of appointing a DPO?


Holding

The Spanish DPA recalled that the public administrations act as controllers for the processing of personal data and on some occasions as processors. As a result, they are subject to the GDPR and must fulfill all its obligations, including the obligation to appoint a data protection officer. This obligation had to be fulfilled starting from 28.05.2018, the date of entry into force of the GDPR. The Spanish DPA issued a reprimand to Ayuntamiento de Arroyomolinos for violating Article 37 GDPR. The reprimand was issued by virtue of the power conferred by Article 58(2)(b) GDPR.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.