AEPD (Spain) - EXP202102056

From GDPRhub
Revision as of 15:14, 3 April 2023 by Anastasia.tsermenidou (talk | contribs) (Created page with "{{DPAdecisionBOX |Jurisdiction=Spain |DPA-BG-Color=background-color:#ffffff; |DPAlogo=LogoES.jpg |DPA_Abbrevation=AEPD |DPA_With_Country=AEPD (Spain) |Case_Number_Name=EXP20...")
(diff) ← Older revision | Latest revision (diff) | Newer revision → (diff)
AEPD - EXP202102056
LogoES.jpg
Authority: AEPD (Spain)
Jurisdiction: Spain
Relevant Law: Article 5(1)(f) GDPR
Article 30 GDPR
Article 32 GDPR
Article 58(2) GDPR
Article 83 GDPR
Article 99 GDPR
Type: Complaint
Outcome: Upheld
Started:
Decided: 06.01.2023
Published: 06.01.2023
Fine: n/a
Parties: n/a
National Case Number/Name: EXP202102056
European Case Law Identifier: n/a
Appeal: n/a
Original Language(s): Spanish
Original Source: AEDP (in ES)
Initial Contributor: ANASTASIA TSERMENIDOU

The AEPDP stated measures are required to adapt personal data processing to the requirements of the GDPR.

English Summary

Facts

The defendant claimed against the Cabildo de El Hierro for violating articles 5 and 32 of the GDPR. Cabildo certified that on October 18, 2006, the necessary procedures were initiated in the different administrations for the start of the segregation and constitution of the new municipality of El Pinar, on the Island of El Hierro, in accordance with Royal Decree 1690/1986 , of July 11, which approves the Regulation of Population and Territorial Demarcation of Local Entities. Cabildo also indicated sensitive personal data was never published and no consent as a legal basis was needed, since the processing of personal data that took place was for statistical purposes, for a matter of public interest. That time there was not a regulation, regarding the protection of personal data.

Holding

The AEPD noted that the purpose of the transparency portal is to promote the transparency of public activity, ensure compliance with publicity obligations, safeguard the exercise of the right of access to public information and guarantee compliance with good governance provisions; Once these purposes have been fulfilled, action should have been taken on the personal data published in order to minimise them and that they only remain accessible for the time necessary for the purposes of article 5 of the GDPR. Also, according to the AEPD the Recital 171 of the GDPR establishes the obligation that all processing activities should be compliant within a period of two years from the date of its entry into force.Therefore, the Cabildo had to adapt, in the aforementioned period, the treatment that the publication of its acts implies in its transparency profile, to the new data protection regulations, foreseeing a period for the deletion or periodic review of the published data.

Comment

Share your comments here!

Further Resources

Share blogs or news articles here!

English Machine Translation of the Decision

The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details. 

Get to know our institutional, organizational, planning, legal, budgetary and statistical information
Retrieved from "https://gdprhub.eu/index.php?title=AEPD_(Spain)_-_EXP202102056&oldid=31952"
Creative Commons Attribution-NonCommercial-ShareAlike
Powered by MediaWiki