Penalties for data protection breaches increase

Featured News


The protection of personal data is becoming increasingly complex, especially since the approval of the General Data Protection Regulation (GDPR) in force since May 2018, in addition to the approval of the new Law on Data Protection and Guarantee of Digital Rights in December of the same year, the already existing Law on the Information Society and Electronic Commerce, and the European regulation project regarding the use of cookies.

Since 2018, the increase in the difficulty of processing personal data derived from new national and European legislations has led to an increase in sanctions for breach of data protection in Europe, particularly in Spain. The Spanish Data Protection Agency (AEPD) has intervened over 295 times, each with a corresponding sanction, making it one of the most active data protection agencies in the European Union.

According to data published on the agency’s own website, it is estimated that the AEPD has collected approximately 23,462,000 euros in the first eight months of 2021. The penalties

Imposed on Spanish businesses have affected all types of businesses, without size distinction, due to infringements ranging from non-notified data breaches to emails without a hidden copy. This is in part because, as a result of remote working, all companies have been forced to adapt their operations systems to this new reality but they have failed to adequately update established policies and procedures.

Internationally, a few countries are joining the implementation and/or updating of data protection laws. Among them are China, which has already passed its data protection law (Personal Data Protection Law -PIPL-), and Singapore, which has updated its Personal Data Protection Act (PDPA).

At UHY Fay & Co we have a team specialized in helping companies comply with the different regulations regarding the protection of personal data to reduce the chances of non-compliance with the different regulations. If your company has not yet managed to properly renew its data protection strategy, we will be happy to assist you.

Related Services



Income Tax (IRPF) updates 2023

We review the main updates affecting the Personal Income Tax (IRPF) declaration for the 2023…
información fiscal de empresas y sociedades

Tax Content in a Company´s Annual Report: ¿Should I Include It?


Transferring the registered office of a foreign company to Spain

Royal Decree-Law 5/2023 transposes several European Union Directives on structural modifications, regulating both the transfer…

New developments in the notification of lawsuits to companies by telematic means

RD-Law 6/2023 of 19 December has entered into force this week, on 20 March 2024.…