General Data Protection Regulation 9000 euros fine - A company is sanctioned with 9,000 euros for publishing on its website and social networks photos of a worker without his consent.

Posting photos of a worker without their permission can be a sanction for companies; ignoring requests to remove these images can be even more expensive.

Instagram Facebook is what has happened with a company dedicated to training, which has been sanctioned with 9,000 euros for these reasons: data processing without consent (6,000 euros penalty for this) and not meeting the requirements to remove publications (3,000 euros) from its website and social networks (Facebook and Instagram, in this case).

The events took place from 2017 but lasted until the end of 2020; in between there were two requests to attend to the right of deletion of data and a claim of the interested person before the Spanish Agency for Data Protection (AEPD), according to Cinco Días.

Given these facts, the AEPD has considered that 2 infringements have been committed: first, for violating Article 6 ("lawfulness of processing") of the General Data Protection Regulation (RGPD), to be treated without the consent of the person; on the other, the violation of Article 17 ("right of deletion") of the same regulation, for not attending to the requests in this regard.

General Data Protection Regulation 9000 euros fine

Some acts to which the aggravating circumstances of the duration (from 2017 to 2020), the amount and the scope are added, since they were published in two social networks and the website, collects the medium.

Article 6 of the General Data Protection Regulation states that "the processing will only be lawful if at least one of the following conditions is met":

a) the data subject consented to the processing of his / her personal data for one or more specific purposes.
b) the processing is necessary for the performance of a contract to which the data subject is a party or for the application at the request of the latter of pre-contractual measures.
c) the processing is necessary for compliance with a legal obligation applicable to the controller.
d) the processing is necessary to protect vital interests of the data subject or another natural person.
e) the processing is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the controller.
f) processing is necessary for the purposes of legitimate interests pursued by the controller or by a third party, provided that on such interests are not overridden by the interests or fundamental rights and freedoms of the data subject which require protection of personal data, in particular where the data subject is a child (this shall not apply to processing carried out by public authorities in the exercise of its functions).

Promotional marketing material brand identity PHOTOGRAPHER

RGPD and General Data Protection Regulation 9000 euros fine

On the other hand, article 17 of the RGPD versa on the right to erasure or "right to be forgotten", and stated "the data subject shall have the right to obtain without undue delay from the controller the erasure of personal data concerning him or her, which you will be obliged to remove without undue delay, personal data under any of the following circumstances".

These conditions are given when:

a) the personal data are no longer necessary in relation to the purposes for which they were collected or otherwise processed.
b) the data subject withdraws the consent on which the processing is based in accordance with Article 6 (1) (a) or Article 9 (2) (a), and this is not based on another legal basis.
(c) the data subject objects to processing pursuant to Article 21 (1) and other legitimate grounds for processing do not prevail, or the data subject objects to processing pursuant to Article 21 (2).
d) the personal data have been unlawfully processed.
(e) the personal data must be deleted in order to comply with a legal obligation laid down in Union or Member State law which applies to the controller.
f) the personal data have been obtained in connection with the offer of information society services referred to in Article 8 (1).

The news around General Data Protection Regulation 9000 euros fine

In addition, it adds that 'where it has made the personal data public and is obliged under paragraph 1 to delete such data, the controller, taking into account the technology available and the cost of its implementation, shall take reasonable measures, including technical measures, with a view to informing the controllers who are processing the personal data of the data subject's request to delete any links to, or copies or replications of, such personal data'.

Corporate Away Days Wellbeing At Work delivers your team the opportunity to experience TEAM AWAY DAYS
General Data Protection Regulation 9000 euros fine

1st SERP Business News brought to you by TuneMyWebsite

TuneMyWebsite

1st impression SEO

Social Media Marketing strategy

SEM search

Search Engine definition

Business Market Research benefits insights


Use Create Website business email domain


Keywords Search Engine Optimisation techniques


Startup Brand Identity design guidelines templates


UK Digital Marketing Services advertisement checklist


Companies Marketing SEO services strategy courses


Latest business companies TuneMyWebsite News


Small businesses Online Marketing Services services


Next level traffic sales Upgrade Website SEO



Start-up Marketing Agency near me


Local Digital Marketing Agencies in the UK


Benefits of Search Engine Marketing services


Read and learn the FREE TuneMyWebsite Tutorials


Consultant SEO Agencies UK wide solutions


Strategies Companies Digital Marketing England Wales


Affordable International Marketing Search Engine services


Example Marketing Services for small businesses


Market study Online Advertising programme

Read our Cookies policy here


We are governed by this Disclaimer that you should read


Our official SiteMap is here