Spain
The maximum penalty, levied for severe violations, can reach up to 4% of the global annual turnover or EUR 20,000,000.-, depending on which amount is greater. This regulation incorporates a flexible approach, recognizing the varied nature and seriousness of potential violations. Conversely, the Spanish DP Law maintains a parallel structure while introducing specific provisions tailored to the Spanish legal context. Although aligned with the GDPR's fundamental core principles, it establishes distinct rules regarding the imposition of penalties within the Spanish territory, including the determination of specific fine amounts. These reflect Spain’s commitment to effectively addressing data protection breaches at the national level." While the GDPR lays out general criteria for imposing fines —taking into account factors such as the nature, severity, and duration of the violation— the Spanish DP Law adapts these criteria to ensure consistency with the Spanish legal system. It provides a mechanism for authorities to assess breaches in light of the specific circumstances that may arise within Spain's regulatory framework. For instance, Spanish DP Law establishes a statute of limitations for penalties depending on the amount of the fine, with limitation periods ranging from one (1) to three (3) years." Therefore, while the fundamental concept of imposing penalties for data protection breaches remains consistent throughout the GDPR, the Spanish DP Law contains
particularities to ensure an effective, contextually relevant application of sanctions within its jurisdiction. 9.2. Consequences and penalties for other violations and non- compliance Conclusion In conclusion, the examination of the Spanish DP Law in contrast to the General Data Protection Regulation (GDPR) has revealed several distinctive features that underscore the specific approach and nuanced framework established by Spanish legislation. Below is a summary of the most significant differences: A. Different Age of Consent: Spanish DP Law has introduced a distinctive age threshold for the valid consent of minors, setting it at the age of 14 years. This deviation from the GDPR's uniform age requirement reflects Spain's emphasis on tailoring regulations to specific cultural and social contexts. B. Designation of a Data Protection Officer (DPO) for Public Authorities: Spanish regulations uniquely mandate the appointment of a DPO for all public authorities and entities, regardless of their size. This proactive measure reflects a commitment to enhancing accountability and compliance within the public sector.
https://lopez-iborabogados.com/en/
Made with FlippingBook - PDF hosting