AGENCIA ESTATAL DE ADMINISTRACIÓN TRIBUTARIA (AEAT) – Violation Found (Spain, 2020)

The claim was initiated by an employer who, when he wanted to register a worker in the Social Security system and requested the reduction of the contribution, was refused on the grounds that the claimant was not up to date with his tax obligations, since the tax agency's files contained the notation "fiscal offense". The Tax Agency recognized that the lack of updating of data was due to an error, and proceeded to solve and update the data processing systems. Is the lack of accuracy when processing personal data by the tax authorities an infringement of Article 5 (1) (d) GDPR? The AEPD agreed to impose a penalty for infringement of Article 5 (1) (d) for lack of accuracy in the processing of personal data, due to an out-of-date data processing system. As regulated in article 77 LOPDGDD it will be agreed that the sanction corresponds to a "warning" when the entity sanctioned is a public administration. Furthermore, due to the updating of systems and other measures that have been carried out in the processes carried out by the sanctioned entity, the AEPD did not consider it necessary to impose other types of corrective sanctions.