In principle, these claims must be asserted with the control authority of the country of residence or domicile of the person concerned. But in an increasingly globalized world, where most processing takes place across borders, the new regulation introduced a single-window system.
In this way, cooperation and coherence mechanisms are foreseen between the control authorities of the different Member States. As a general rule, companies and organizations are subject to the control authority at their main place of business, even if the complaint has been filed with a control authority in another country.
It is important to point out that data subjects must be informed about this right, which will help them to contact the control authority. In addition, the control authorities are obliged to provide forms so that the interested parties can make these types of claims.
IMPORTANT SANCTIONS
The new regulation also gives wide-ranging powers to control authorities, including the Spanish Data Protection Agency (AEPD), which will be empowered to:
• Instruct the person in charge of the file or the person in charge of its treatment (or their representative) to provide all the information necessary for the performance of their duties.
• Conduct investigations in the form of privacy audits.
• Check the certifications issued.
• Gain access to the controller’s or responsible person’s premises (including treatment equipment and agents) in accordance with the rules of procedure.
• Appoint the person in charge or the person in charge of the treatment to stop the infringing behavior, order the deletion or rectification of the data or the limitation or termination of the treatment.
Likewise, the powers of these authorities in the field of sanctions are very far-reaching. The new fines provided for in the aforementioned regulation can amount to up to 20,000,000 euros or 4% of turnover. In less serious cases, however, the fine can be replaced by a warning or a reprimand.
THE ADVICE OF EXPERTS
Antonio Linares Gutierrez
Attorney of the Legal Counsel Forum Rechtsanwälte
With the new regulation, more than knowing how to act in the face of a complaint, it is knowing what to do before it arises. It is precisely this proactive and non-reactive character that the European legislator wants to promote. In this way, the data controller is encouraged to foresee the problem and to be able to demonstrate to the AEPD that it has done everything in its power to protect and protect the complainant’s personal data.
If, upon receipt of the complaint, an appropriate GDPR compliance policy has not been implemented, there is little more we can do than cooperate with the AEPD, providing as many records, documents and information as they request and of course entrusting ourselves to the knowledge of one this matter specialized lawyer.
jordi diaz jose
Director of the JDA/SFAI Advisory Division
Anyone whose personal data you may have can report it to the Spanish Data Protection Agency if you find that it does not comply with the regulations.
Reporting is very easy and even cheaper; It only costs a stamp (or not even that if you submit it online) and does not require an attorney or appearing in person at a proceeding.
It is common for the AEPD inspectors to appear at their facilities or receive a request for information on the reported facts.
There is little to do at this point as the violation has already been committed and reported. Do not hinder the inspection action or you will commit another violation. On the contrary, be cooperative; It can help reduce the possible penalty.
James Feliu
LOPD Advisor at DG Legal
Many customers ask us, particularly due to the application of the RGPD, whether the relevant control authority, in this case the AEPD, imposes sanctions.
Of course, checks are carried out and sanctions are also carried out. In fact, the resolutions can be viewed on the AEPD website itself. Of course, in most cases these measures are preceded by a complaint from a citizen and not an official act by the control authority.
In the event of a complaint, we must comply with the request of the AEPD, which may request information or prior documentation or appear in person at the facilities of the notified body, prior notice and always respecting the necessary deadlines. Given the magnitude of the penalties, it’s important to ensure we meet all commitments.
E-commerce has led to growth in the number of SMEs and freelancers
Pridatect: SaaS to comply with data protection law
Is it a business to set up a climbing wall for climbers?
Opinions on their WordPress hosting plans
Steps to starting a catering business
7 business ideas that challenge the conventional in mature markets
9 smart expenses that will make you a millionaire in the long run
Entrepreneurship or dedication? Learn how to get started in the business world
Names for pizzerias options to choose from!
Lessons for success from a youngster and a veteran
The 10 Best Books on Economics and Management
Key to the presentation of corporate income tax
10 Funeral Equipment Business Ideas That Will Impress You
Microsoft Forms Guide
How to be successful in business
How to make your dream of earning money without working come true
On-demand audiovisual content aggregator
Spanish startups that will transform factories
“Forget to sign the bank”
Your innovative project in the field of defense and security can become a winner of the II FEINDEF Foundation Awards
Fly breeding or the unbelievable secret market of 5,000 million euros
Mesut Özil: one of the great entrepreneurs in the football world
Get in as a confectioner and get out as a programmer
II Forum «Albacete Capital of Entrepreneurs»
will you do it First ask yourself: Who is your customer?
How to stop being a loser You are not a failure!
Collecting cards is very expensive
The presence of an angel investor can help boost your business
Games to encourage creativity in offices with little imagination
