Spain: AEPD fines Equifax Iberica €75,000 for GDPR violations
The Spanish data protection authority ('AEPD') issued, on 9 June 2020, a resolution ('the Resolution') in proceeding No. PS/00451/2019 against Equifax Iberica, S.L., fining the company €75,000 for violating Article 6(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Resolution outlines that an individual complainant requested via email the deletion of their data from the National Association of Financial Credit Institutions' ('ASNEF') file. In addition, the Resolution highlights that Equifax Iberica responded that the exercise of the complainant's right was excessive and did not proceed with the deletion. As a result, the Resolution states that Equifax Iberica's conduct amounted to a violation of Article 6(1)(f) of the GDPR, since the company did not comply with the obligation established under Article 20(1)(c) of Organic Law 3/2018, of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights, which provides for the data to remain blocked for 30 days.
You can read the Resolution, only available in Spanish, here.