AEPD (Spain) - PS-00218-2022

From GDPRhub
AEPD - PS-00218-2022
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1) GDPR
Article 5(1)(f) GDPR
Article 32 GDPR
Art 65 LOPDGDP
Type: Complaint
Outcome: Upheld
Started: 04.08.2021
Decided: 28.10.2022
Published: 22.12.2022
Fine: n/a
Parties: A.A.A
ministry of inclusion, social security and migration
National Case Number/Name: PS-00218-2022
European Case Law Identifier: n/a
Appeal: Not appealed
Original Language(s): Spanish
Original Source: Resolution of sanctioning procedure (in ES)
Initial Contributor: n/a

The Spanish Data Protection agency held that the sending of an email regarding personal data to a not authorised recipient infringes Articles 5 and 32 GDPR.

English Summary

Facts

An Email was missent by the ministry of inclusion, social security and migration. The AEPD charged them under Article 32 and 5 (1) (f) GDPR, but only issued a reprimand.

Holding

The DPA held that the missending of the email infringes the confidentiality in processing of data.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.

On August 4, 2021, A.A.A (hereinafter, the claimant) 2021 filed a complaint before the Spanish Data Protection Agency. The claim is directed against the MINISTRY OF INCLUSION,SOCIAL SECURITY AND MIGRATION. SUBDIRECCIÓN GENERAL DE RECURSOS HUMANOS E INSPECCIÓN GENERAL DE SERVICIOS with Tax Identfication Number S2801449F.