We use cookies to customise content for your subscription and for analytics.
If you continue to browse Lexology, we will assume that you are happy to receive all our cookies. For further information please read our Cookie Policy.

Search results

Order by: most recent most popular relevance



Results: 1-10 of 41

Spain- data processor fined for breaching consent rule
  • Baker & McKenzie
  • Spain
  • December 1 2014

The Spanish National Court (ruling dated 28 February 2014) upheld a 6,000 sanction imposed on a data processor due to infringement of the consent


Spanish data protection authority to Safe Harbor firms: EU Model Clauses still accepted
  • Baker & McKenzie
  • Spain
  • November 11 2015

The Spanish Data Protection Agency sent out letters dated October 29, 2015 to companies that are registered with the DPA and that rely on Safe Harbor


Spain - 20,000 euros fine for breaching a statutory health data retention period
  • Baker & McKenzie
  • Spain
  • October 21 2013

The Spanish DPA (Resolution R032122012 dated March 1, 2013) imposed a 20,000 fine on a company for breaching a health data retention period


Sanction for obstructing the inspection function of the Spanish DPA
  • Baker & McKenzie
  • Spain
  • February 15 2013

The Spanish National Tribunal (judgment 2 November 2012) upheld a fine of 200,000 Euros imposed on a company by the Spanish DPA (resolution


Minors and loyalty cards
  • Baker & McKenzie
  • Spain
  • May 24 2010

In response to a query on the processing of personal data of minors who are provided with loyalty cards, the Spanish Data Protection Agency (SDPA) advised that, unlike minors over 14 years of age who may give a valid consent to the processing of their personal data, the processing of personal data of minors under 14 requires the consent of their parents or guardians


Deposit of sub-processing agreements to data protection authorities not required
  • Baker & McKenzie
  • European Union
  • October 19 2010

The Article 29 Working Party adopted FAQs intended to address a number of issues raised by the application of the standard contractual clauses for the transfer of personal data to non-EEA-based processors (contractual clauses "controller to processor") and the conditions for sub-processing of personal data between a non-EEA-based processor and non-EEA-based sub-processor


New “controller to processor” standard contractual clauses effective on 15 May 2010
  • Baker & McKenzie
  • European Union
  • March 15 2010

The European Commission has adopted the Decision of 5 February 2010 updating the standard contractual clauses for the transfer of personal data to processors established in non-EU countries


The Spanish Data Protection Regulation may be infringing the EU Data Protection Directive
  • Baker & McKenzie
  • European Union, Spain
  • September 27 2010

The Spanish Supreme Court has referred a question for a preliminary ruling to the European Court of Justice (ECJ


Employee geolocalisation
  • Baker & McKenzie
  • Spain
  • November 2 2010

According to Article 2 of Directive 200258EC on Privacy and Electronic Communications, "location data" means any data processed in an electronic communications network, indicating the geographic position of the terminal equipment of a user of a publicly available electronic communications service


Mandatory electronic communications with the Spanish Tax Agency starting 1 January 2011
  • Baker & McKenzie
  • Spain
  • February 18 2011

Under the Royal Decree 13632010 of October 29, 2010, certain entities will be required to receive communications and notices from the Spanish Tax Agency through electronic means