Penalties for data protection breaches increase

Featured News


The protection of personal data is becoming increasingly complex, especially since the approval of the General Data Protection Regulation (GDPR) in force since May 2018, in addition to the approval of the new Law on Data Protection and Guarantee of Digital Rights in December of the same year, the already existing Law on the Information Society and Electronic Commerce, and the European regulation project regarding the use of cookies.

Since 2018, the increase in the difficulty of processing personal data derived from new national and European legislations has led to an increase in sanctions for breach of data protection in Europe, particularly in Spain. The Spanish Data Protection Agency (AEPD) has intervened over 295 times, each with a corresponding sanction, making it one of the most active data protection agencies in the European Union.

According to data published on the agency’s own website, it is estimated that the AEPD has collected approximately 23,462,000 euros in the first eight months of 2021. The penalties

Imposed on Spanish businesses have affected all types of businesses, without size distinction, due to infringements ranging from non-notified data breaches to emails without a hidden copy. This is in part because, as a result of remote working, all companies have been forced to adapt their operations systems to this new reality but they have failed to adequately update established policies and procedures.

Internationally, a few countries are joining the implementation and/or updating of data protection laws. Among them are China, which has already passed its data protection law (Personal Data Protection Law -PIPL-), and Singapore, which has updated its Personal Data Protection Act (PDPA).

At UHY Fay & Co we have a team specialized in helping companies comply with the different regulations regarding the protection of personal data to reduce the chances of non-compliance with the different regulations. If your company has not yet managed to properly renew its data protection strategy, we will be happy to assist you.

Related Services


autonomos societarios

Self-employed corporate: obligation communicate data to Social Security

The obligation for self-employed corporate workers to communicate their data to the Social Security before…
escisiones totales en grupos familiares

Flash on total spin-offs in family groups

The Supreme Court of Castilla y León has recently issued a Resolution confirming the direct…

UHY Fay & Co incorporates Begoña Castillo Velasco as its new Chief Operating Officer

UHY Fay & Co, a leading professional services firm in the top 20 ranking nationwide,…
impuesto sobre el patrimonio en españa

Non residents paying wealth tax in Spain can claim their money back

If you paid Wealth Tax in Spain as Non Resident in the last 4 years…