Spain: AEPD fines anonymous entity €9,000 for violations of the GDPR
The Spanish data protection authority ('AEPD') issued, on 1 March 2021, a resolution in proceedings PS/00279/2020, fining an anonymous entity €9,000 for violations of Article 6 and 13 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the resolution highlights that the breach of Article 6 of the GDPR resulted from the complaint that the anonymous entity had published a photograph on its website without the consent of the complainant, thereby processing the complainant's data without a valid legal bases. In addition, the resolution further notes that the anonymous entity had not provided the information required to the data subject at the time of collection under Article 13 of the GDPR.
You can read the resolution, only available in Spanish, here.