Spain is well known for having one of the most restrictive data protection regimes in the European Union (EU). It also counts with some of the highest penalties (fines are up to € 600,000 per infringement), and a data protection authority – the Spanish Data Protection Agency (AEPD) – with a reputation for being one of the fiercest of the EU. Moreover, the penalties envisaged are not only on paper; they are applied on a regular basis by the AEPD. For instance, in the past few years, it has imposed fines of € 450,000, € 900,000 and € 1,400,000.
Fulfillment of the Spanish data protection requirements is not an easy task. However, it is not impossible either. Hogan Lovells has prepared a detailed analysis of key Spanish data protection issue areas—such as consent; disclosures; cookies; access, rectification, cancellation, and objection; and international transfers—to help companies understand Spanish data protection requirements.