Company owner – €2,000 Fine (Spain, 2021)
General GDPR enforcement action
This case relates to broader data protection obligations, not specifically to cookie or consent banner compliance. It is not included in cookie statistics or the Risk Calculator.
A company owner in Spain was fined EUR 2,000 for not informing a job applicant about how their personal data would be used. The Spanish Data Protection Authority found this violated the applicant's rights under the GDPR. This case emphasizes the importance of transparency in handling personal data during hiring processes.
What happened
A company owner failed to inform a job applicant about the processing of their personal data.
Who was affected
A job applicant who submitted their CV via WhatsApp was affected.
What the authority found
The Spanish Data Protection Authority found the company owner violated GDPR by not providing information about data processing.
Why this matters
This case serves as a reminder for businesses to be transparent about data processing practices, especially during recruitment. It highlights the importance of informing individuals about their data rights under GDPR.
GDPR Articles Cited
The Spanish DPA (AEPD) has imposed a fine of EUR 2,000 on a company owner. A person had applied for a job at the controller's company and sent the controller his CV via WhatsApp. Thereby, he was neither informed about the processing of his personal data nor about his data subject rights. The AEPD considered this to be a violation of Art. 13 of the GDPR.
Related Enforcement Actions (0)
No other enforcement actions found for Company owner in ES
This is the only recorded action for this entity in this jurisdiction.
Details
Fine Date
23 August 2021
Authority
Agencia Española de Protección de Datos
Fine Amount
€2,000
Enforcement Tracker ID
ETid-815
About this data
Cite as: Cookie Fines. Company owner - Spain (2021). Retrieved from cookiefines.eu
Last updated: