Spain: AEPD issues blog post on data breach notifications to data subjects
The Spanish data protection authority ('AEPD') issued, on 20 February 2020, a blog post ('the Blog Post') on data breach notifications to data subjects. In particular, the Blog Post outlines that in 2019 data controllers made 20 million notifications of data breaches to data subjects in Spain, that 12,000 notifications to data subjects were ordered by the AEPD, and that the AEPD received 1,500 security breach notifications. In addition, the Blog Post highlights that the obligation to notify data breaches under Article 34 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR') is having a positive impact on, among other things, organisations' management and governance models, transparency, businesses' reputation, and the protection of data subjects' rights and freedoms.
You can read the Blog Post, only available in Spanish, here.