AEPD - PS/00473/2019
|AEPD - PS/00473/2019|
|Relevant Law:||Article 5 GDPR|
Article 32 GDPR
Art. 22 Ley de Servicios de la Sociedad de la Información y Comercio Electrónico (LSSI)
|National Case Number/Name:||PS/00473/2019|
|European Case Law Identifier:||n/a|
|Original Source:||AgenciaEspañola de Protección de Datos (in ES)|
English Summary[edit | edit source]
Facts[edit | edit source]
The complainant highlights general non-compliance regarding processing. Just to take a couple of examples, in order to access the workstation, employees are not requested to use login credentials nor password are needed to unlock the screen. Employee can access all type of personal data regardless of their concrete tasks.
Dispute[edit | edit source]
The AEPD must assess whether or not the statements from the complainant are true. In particular if the processing is safeguarded with appropriate technical and organisational measures.
Holding[edit | edit source]
After thorough investigation, the AEPD considers that some statements in the complaint are not - or no longer - accurate.
For example, the controller has convincingly demonstrated that its personnel can now only access those data and resources required to carry out their tasks. Printed manuals and personal data are stored into locked filing cabinets and access to the office is only allowed to authorized personnel. Because of that, the AEPD decided to dismiss this part of the complaint.
The Authority then addresses the second point of the complaint.
Comment[edit | edit source]
Further Resources[edit | edit source]
Share blogs or news articles here!
English Machine Translation of the Decision[edit | edit source]
The decision below is a machine translation of the Spanish original. Please refer to the Spanish original for more details.