Support Centre

You have out of 5 free articles left for the month

Signup for a trial to access unlimited content.

Start Trial

Continue reading on DataGuidance with:

Free Member

Limited Articles

Create an account to continue accessing select articles, resources, and guidance notes.

Free Trial

Unlimited Access

Start your free trial to access unlimited articles, resources, guidance notes, and workspaces.

Spain: AEPD fines HM Hospitales €48,000 for GDPR violations

The Spanish data protection authority ('AEPD') issued, on 25 February 2020, a resolution ('the Resolution') in proceedings PS/00187/2019, fining HM Hospitales 1989, S.A. €48,000 for violating Articles 5(1)(a) and 6(1)(a) of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'). In particular, the Resolution outlines that a complainant argued that at the moment of his admission in the hospital he had to fill a form including a checkbox indicating that, in case he did not tick the same, he agreed to the transfer of his data to third parties. In addition, the Resolution highlights that the form provided by HM was not compliant with the GDPR since consent was obtained through the inaction of the data subject. As a consequence, the Resolution imposes a fine of €48,000 against HM.

You can read the Resolution, only available in Spanish, here