The Spanish Data Protection Agency sanctions a well-known electronic retailer due to violation of its employees' privacy The Spanish Data Protection Agency ("SDPA") has imposed a penalty of € 10.000 to an electronic retailer for selling in 2013 a second-hand hard drive containing personal data of its employees. Said penalty is the result of a procedure that began with the consumer's claim filed by a well-known Spanish Consumer Protection association arguing that the hard drive purchased had already been used when it was supposed to be new. In view of this situation, the Consumer Protection association carried out an investigation and found out that the said hard drive contained personal data of the electronic retailer's employees. In response to this, the Consumer Protection association filed a claim before the SDPA stating that the electronic retailer had committed an obvious infringement of the applicable data protection law. Three years after the filing of the claim, the SDPA has ruled that the security of the employees' personal data has not been guaranteed by the retailer due to the ineffective and insufficient implementation of the security measures set forth in the Data Protection Legislation. Given this, the SDPA finally ruled that the retailer had committed a serious infringement and imposed a penalty of € 10.000. For more information, please contact Raul Rubio, Patricia Perez, Rosario Alvarez, Ignacio Vela, Alvaro Ubeda or Cristina Monereo.