We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Search results

Order by: most recent most popular relevance



Results: 1-10 of 41

Spanish DPA imposes fines for data breach involving gym members
  • Baker & McKenzie
  • Spain
  • December 5 2012

The Spanish Data Protection Authority (DPA) in Resolution No 008062012 has fined a gym for a data breach violation involving personal data of its members


Security breach notification rules implemented in Spain
  • Baker & McKenzie
  • European Union, Spain
  • December 6 2012

Royal Decree-Law 132012, which incorporates the new European regulatory framework on electronic communications contained in Directive 2009136EC (Citizens' Rights) and Directive 2009140EC (Better Regulation), came into effect on 1 April 2012


Privacy Impact Assessments the sooner, the better!
  • Baker & McKenzie
  • European Union, Spain
  • February 9 2015

The European Commission is currently revisiting the EU Data Protection Framework in order to provide more safeguards for online privacy rights. One


Spain - prison sentence for hacking social networking accounts
  • Baker & McKenzie
  • Spain
  • July 15 2013

The Criminal Court No. 1 of Pamplona has sentenced an individual to one year imprisonment and a twelve-month fine at 6 Euros per day for an offence


Spain- a 2-cm size photo does not qualify as PII
  • Baker & McKenzie
  • Spain
  • July 15 2013

In a case where an individual filed a complaint against an entity for an allegedly data protection infringement, i.e. publishing a photo on the


Spanish Data Protection Agency investigates hospitals
  • Baker & McKenzie
  • Spain
  • May 5 2010

The Spanish Data Protection Agency (SDPA) has initiated an investigation to examine whether hospitals in Spain comply with data protection regulations, especially with those regarding the security and confidentiality of health-related information and how the rights of access, rectification, cancellation and objection of patients are attended to


New “controller to processor” standard contractual clauses effective on 15 May 2010
  • Baker & McKenzie
  • European Union
  • March 15 2010

The European Commission has adopted the Decision of 5 February 2010 updating the standard contractual clauses for the transfer of personal data to processors established in non-EU countries


Deposit of sub-processing agreements to data protection authorities not required
  • Baker & McKenzie
  • European Union
  • October 19 2010

The Article 29 Working Party adopted FAQs intended to address a number of issues raised by the application of the standard contractual clauses for the transfer of personal data to non-EEA-based processors (contractual clauses "controller to processor") and the conditions for sub-processing of personal data between a non-EEA-based processor and non-EEA-based sub-processor


Opt-in mechanisms for behavioural advertising
  • Baker & McKenzie
  • European Union
  • August 10 2010

The Article 29 Working Party has adopted Opinion 22010 on behavioural advertising


New web tool for cross-border tenders
  • Baker & McKenzie
  • European Union
  • April 12 2011

The European Commission has launched the "e-CERTIS" web tool, which is available in 21 official languages