Agencia Española de Protección de Datos – AEPD imposed a €5.000 fine to a #dataprotection #privacy consultancy firm because its webpage, while having a contact form for potential clients, lacked privacy policy and it did not provide the information required by art. 13 #GDPR
The ES DPA also held that it did not matter that the contact form may have not been operative for some time (thus unable to collect #personaldata), because the company also published an email address, where the potential customers could provide personal data to be contacted
The company was also accused of undertaking aggressive practices on data protection because, in the company’s Google+ profile, the company’s logo appeared next to the DPA’s logo, allegedly giving the impression of working in the name or, on behalf of or in collaboration with the DPA. This point was not addressed by the DPA, and it was forwarded to the local unfair competition authority.
The fine was reduced due to, among other things, the company is a micro-sized enterprise.
0 comentarios