utilizar cv candidatos linkedin

Using Candidate CVs from LinkedIn: GDPR Limits in Recruitment

When companies may use LinkedIn profiles or CVs in recruitment and what GDPR limits apply.

Cookie Dark Patterns: When Consent Is Not Valid

What cookie dark patterns are, why they may invalidate consent and a practical checklist for cookie banners.

Consent or Pay: Privacy, Personalised Advertising and the GDPR

What consent or pay means, what the EDPB requires and when consent may not be freely given under the GDPR.

Publishing Images Found on Social Media: GDPR Risks

When reusing images found on social media may breach the GDPR and what companies, media and creators should check.

EU-US Data Privacy Framework: What Companies Should Check

What the EU-US Data Privacy Framework is, when it helps international transfers and what companies should verify.

Rejecting Non-Essential Cookies: What the AEPD Requires

What the Spanish Data Protection Authority requires for rejecting non-essential cookies and how companies should configure banners.

Amendment to Spain’s Data Protection Act: Key Points for Companies

Key points of the amendment to Spain’s Data Protection Act and what companies should review for GDPR compliance.

Loss of an Employee Document and GDPR Breach Notification

Why losing an employee document may be a personal data breach and when employers must assess GDPR notification duties.

Real Estate Agencies and the GDPR Duty to Inform Data Subjects

Why real estate agencies must inform clients about personal data processing and how to comply with GDPR transparency duties.
Corredores en Ámsterdam, Países Bajos.

Fitness Apps and Location Privacy: When Exercise Data Reveals Too Much

How fitness apps and activity maps can reveal sensitive locations, and what users and organisations should do to reduce privacy risks.

Data Is a Fingerprint: Reidentification and Anonymity Risks

Why supposedly anonymous data may still identify people and what organisations should review before sharing or analysing datasets.
Linkedin contactos falsos

LinkedIn Contacts: Privacy, Fake Profiles and Business Risks

Risks of accepting LinkedIn contacts without checking them: fake profiles, phishing, social engineering and professional exposure.
Partidos politicos no podrán usar las opiniones publicadas en redes

Political Opinions and Data Protection: Key Lessons from Spain’s Constitutional Court

Key lessons from the Spanish Constitutional Court ruling on political parties, political opinions and personal data processing.
Consejos para tener un servicio correcto Protección de Datos

How to Choose a Good Data Protection Service for Your Company

Key points for choosing a reliable data protection service: GDPR knowledge, processor agreements, clear deliverables and ongoing support.
ciberseguridad

Cybersecurity Challenges for Businesses: Practical Checklist

Four cybersecurity challenges for businesses and a basic checklist to reduce risks, protect data and respond to incidents.

Subsidised Training Fraud in Spain: How to Detect It

How to detect fraud in subsidised training courses in Spain, what evidence to keep and what to review before applying rebates.
Cómo protegerse de un troyano

How to Protect Against a Trojan: Measures for Businesses and Users

What a trojan is, how it infects devices and how to reduce the risk of data theft, fraud and personal data breaches.
historial clínico

Unauthorised Access to Medical Records: GDPR Risks

Legal risks of unauthorised access to medical records and key GDPR controls for clinics and healthcare providers.
Imagenes de menores en colegios y consentimiento RGPD

Images of Minors in Schools: Consent, Websites and Social Media

When a school may publish photos or videos of students, how to manage consent, social media, families and image removal.
Datos de salud de empleados y confidencialidad en la empresa

Employee Health Data: How to Process It Under the GDPR

How to process employee health data: what the company may know, common mistakes, confidentiality, minimisation and AEPD guidance.
Lista Robinson

Unsolicited Commercial Calls in Spain: AEPD Rules and Risks

When unsolicited commercial calls are lawful in Spain, AEPD requirements, Robinson List impact and risks for companies.
Delegado Protección de Datos

Data Protection Officer: When Appointing a DPO Is Mandatory

When appointing a Data Protection Officer is mandatory, DPO functions, common mistakes and official AEPD, EDPB and LOPDGDD sources.
Plan de igualdad en empresas y registro retributivo

Equality Plan in Spanish Companies: Obligation, Register and LGTBI Measures

Which companies need an equality plan in Spain, what it includes, pay register, salary audit and mandatory LGTBI measures for companies.
canal de denuncias

Mandatory Whistleblowing Channel in Spain: Guide for Companies

Guide to mandatory whistleblowing channels in Spain: affected companies, Law 2/2023 requirements, whistleblower protection and data protection.

Public Wi-Fi Networks: Risks and Tips to Protect Your Data

Risks of using public Wi-Fi networks and tips to protect your data: HTTPS, VPN, fake networks, devices, online banking and remote work.
Ciberseguridad y protección de datos

Cybersecurity for Small Businesses: Common Mistakes and Checklist

Common cybersecurity mistakes in small businesses and a basic checklist: passwords, MFA, backups, updates, permissions and breaches.
Normativa legal en las webs y blogs

Data Protection for Websites and Blogs: Legal Checklist

Data protection checklist for websites and blogs: privacy policy, legal notice, cookies, forms, email marketing and providers.
Qué debes hacer para cumplir con el RGPD como autónomo

GDPR for Self-Employed Professionals: Obligations and Checklist

GDPR guide for self-employed professionals: obligations, basic checklist, provider contracts, security measures and AEPD tools.
Una plantilla formada en protección de datos es la mejor garantía

Employee Data Protection Training: Benefits and Key Content

Why employee data protection training reduces errors, breaches and GDPR risks. Benefits, minimum content and how to document it.
Las brechas de seguridad deben ser notificadas

Data Breach: When to Notify the AEPD and What to Do in 72 Hours

What to do after a personal data breach: when to notify the AEPD, when to inform affected individuals and how to act within 72 hours.
El registro horario y la protección de datos

Working Time Records and Data Protection in Spain

How to implement working time records in Spain while complying with the GDPR: legal basis, employee information, geolocation, biometrics and minimisation.
Nuevo curso sobre cómo detectar fraudes y estafas en internet

Online Fraud and Scams: How to Identify and Avoid Them

Guide to identifying online fraud and scams: phishing, smishing, vishing, fake stores, warning signs and what to do if you fall for one.
Comprar en internet de forma segura

How to Identify a Website You Should Not Buy From

Checklist to detect fraudulent online stores: warning signs, unsafe payments, HTTPS, legal details and what to do if you already paid.

Secure Passwords: Basic Tips to Protect Your Accounts

Tips to create secure passwords, avoid password reuse, use password managers and enable multifactor authentication.
Ventajas de tener una copia de seguridad en la nube

Cloud Backup: Advantages and Good Practices for Companies

Advantages of cloud backup and good practices to protect data, prevent ransomware, comply with the GDPR and restore information on time.
Cómo detectar el phishing

How to Detect Phishing: Warning Signs and What to Do

Guide to detecting phishing: warning signs, checklist before clicking, what to do if you fall for it and prevention measures for companies.
Correo electronico corporativo seguro y proteccion de datos

Secure Corporate Email: 12 Key Measures to Protect Business Data

Corporate email security guide: passwords, MFA, phishing, BCC, encryption, internal policies and breach response.
Plan de igualdad en empresas y registro retributivo

Equality Plan in Spain: Obligations, Salary Record and Fines

Guide to equality plans in Spain: who must have one, diagnosis, salary record, pay audit, negotiation, registration and fines.
Contratos de encargado de tratamiento y revision RGPD

Updating Data Processing Agreements under the GDPR

Guide to reviewing and updating data processing agreements under GDPR: Article 28, providers, subprocessors, security and audits.
Imagenes de menores en colegios y consentimiento RGPD

Images of Children at School: GDPR Fine for Publishing Photos

Guide to publishing images of children at school, consent, photo removal requests, social media, YouTube and GDPR fines in Spain.
Datos de salud de empleados y confidencialidad en la empresa

Employee Health Data: Fine for Sharing Medical Information

Guide to employee health data, GDPR, confidentiality, minimisation and the risks of sharing medical information at work.
Nuevas tecnologias de control empresarial y privacidad laboral

Workplace Monitoring Technologies and Employee Privacy Rights in Spain

Guide to workplace monitoring technologies in Spain: CCTV, geolocation, corporate email, AI, employee privacy and data protection compliance.
Delegado Protección de Datos

Fine for Failing to Appoint a Data Protection Officer in Spain

Guide to when appointing a Data Protection Officer is mandatory in Spain, what the GDPR and Spanish law require, and what fines may apply.
Lista Robinson

Unsolicited Commercial Calls in Spain: AEPD, Robinson List and Fines

Updated guide to unsolicited commercial calls in Spain, the Robinson List, AEPD Circular 1/2023, consent, legitimate interest and fines.
WhatsApp group and GDPR fine for adding someone without consent.

Fine for adding someone to a WhatsApp group without consent

The AEPD fined a sports club 4,000 euros for adding a former user to WhatsApp groups without consent. GDPR lessons for companies.
Lawyer using WhatsApp and a court judgment with personal data, illustrating a GDPR fine in Spain.

Lawyer fined for sending personal data by WhatsApp

A Spanish lawyer was fined for sending a court judgment with personal data by WhatsApp. Key GDPR lessons on legal basis and confidentiality.
Healthcare professional illustrating the right to be forgotten for cancer survivors in Spain.

Right to be forgotten for cancer survivors in Spain

Spain recognises the right to be forgotten for cancer survivors after five years without relapse, limiting discrimination in insurance and mortgages.
Anonymisation and GDPR concept illustrating identification through web browsing patterns.

Identifying people through anonymous web browsing patterns

Anonymous web browsing data can identify people when URLs, habits and clickstream patterns are combined. GDPR lessons for data brokers and analytics.
Twitter metadata and anonymisation concept illustrating privacy risks for users.

Twitter metadata is a privacy nightmare

Twitter/X metadata can reveal behavioural patterns and identify users even when the content of a post appears anonymous.
Legal document with Bitcoin, laptop and private keys illustrating Bitcoin adverse possession and digital ownership.

Can Bitcoin Be Acquired by Adverse Possession? Blockchain, Digital Ownership and the Risk of Confusing Control with Legal Title

Can Bitcoin adverse possession apply in Spain? We explain why blockchain control is not always legal title and what companies with crypto-assets should document.
Data Processing Agreement under GDPR explained visually with controller, processor, security and personal data protection.

Data Processing Agreement under GDPR: when it is required and what it must include

Learn when a Data Processing Agreement is required under GDPR, what clauses it must include, and how to review processors, subprocessors, security, AI and international transfers.
Mesa de trabajo con móvil, documentos legales y ordenador en un contexto de cumplimiento digital empresarial.

Personal tools used for work: what companies should know after the Vivendi/Lagardère ruling

A recent EU General Court ruling confirms that professional communications kept in personal tools may be requested under strict conditions. Here is what companies should review now.
Director de colegio preocupado consultando a abogados de ciberacoso escolar ante crisis de deepfakes

School Cyberbullying Lawyers: The Deepfake Mistake

School Cyberbullying Lawyers: The Deepfake Mistake That Condemns the Principal As school cyberbullying lawyers, we have seen this scene too many times. It is Tuesday morning and a group of families enters your office, visibly upset. They…
Hotel reception checking an ID document, illustrating GDPR limits on keeping copies of guests ID or passports.

Can hotels request a copy of your ID or passport?

The Spanish Data Protection Agency says hotels and lodgings should not request or keep copies of guests ID or passports. Practical GDPR guidance for accommodation businesses.
Dall-e

Data Protection Authorities: Official Links Directory

Worldwide directory of data protection authorities with official links to AEPD, EDPB, European supervisory authorities and international privacy regulators.
Cookie banner and website compliance concept illustrating GDPR cookie fines and consent mistakes.

Real cases of fines for cookies

Real cookie fine cases show common compliance failures: banners, consent, cookie policies and dark patterns. Practical lessons to reduce GDPR risk.

The Equality Officer: Roles, Training and Requirements

In a context where gender equity emerges as a fundamental pillar, the figure of the equality officer positions itself as an indispensable piece within the business ecosystem. Their role extends beyond public bodies or specific projects, integrating…
Fingerprint reader illustrating workplace biometric processing and the AEPD guidance for companies.

Biometric Data Processing in the Workplace: the AEPD Guide

The AEPD treats workplace biometric processing as sensitive. We explain when it may be used, the legal risks and what companies should review.

Special Categories of Data Under the GDPR: Practical Guide

Practical guide to special categories of data under the GDPR: health, biometric, political, religious and sexual orientation data, Article 9 exceptions and safeguards.

Cookie Banner Sanction: Consent, Rejection and AEPD Criteria

Cookie banner sanction: consent, rejection, cookie policy and AEPD criteria to avoid fines for non-compliant cookie banners.

The new US-EU Privacy Framework

The new US-EU privacy framework has arrived. On 10 July, the European Commission adopted the adequacy decision on the US-EU privacy framework. Does the new US-EU Privacy Framework comply with the adequate level of protection? The European…

AEPD Cookie Guide: Key Changes for Websites

AEPD Cookie Guide: accept, reject, configure, non-essential cookies, misleading patterns and adaptation deadline for websites.

Is the end of spam calls?

What does the General Telecommunications Law ("LGT") say about "spam" calls? Is the end of spam calls? The General Communications Law ("LGT") was published on 28 June 2022. In its article 66.1.b) it mentions that end users of interpersonal…

Property agency fined for exposing images of minors

The fine imposed on a property agency for exposing images of minors has highlighted the importance of protecting the rights of minors. An individual filed a complaint with the Spanish Data Protection Agency, with the aim of highlighting the…

How can I record my employees?

Absence of the duty to inform when installing security cameras at work. How can I record my employees? On 18 May 2022, an individual filed a complaint with the Spanish Data Protection Agency against his employer. He installed video surveillance…

Face recognition in exams: Is it proportionate?

The Catalan Data Protection Authority (Autoritat Catalana de Protecció de Dades) has sanctioned the Universitat Oberta de Catalunya for collecting biometric data from its students through face recognition, in order to verify that they were…
multa a orange por fotografiar DNI de sus clientes

Photographing Customer ID Documents: GDPR Risks and Data Minimisation

Why photographing or copying customer ID documents may breach the GDPR and what less intrusive alternatives companies should assess.

ChatGPT in Business: Ally, Risk and Data Protection

How to use ChatGPT in business with data protection criteria: risks, internal policy, personal data and human review.

The advent of Data Clean Room

The purpose of finding a balance between Data Protection and the need to share it is an issue that is constantly in the spotlight. Digital platforms, brands... must have access to user data in order to achieve better performance as closely…

Two Valencian companies fined almost half a million euros for using pirated software

Several companies face fine for illegal software The use of unlicensed software is one of the main threats to digital security in companies. It involves security vulnerabilities for users and companies, giving rise to attempts to invade devices…

Transborder data transfers

The scope of transborder data transfers The publication of the General Data Protection Regulation (GDPR) on May 25, 2016 in the European Union, served as inspiration worldwide for the implementation of data privacy laws. Many countries,…

Free VPNs: Privacy and Security Risks You Should Know

Risks of free VPNs: activity logging, advertising, fake apps, data leaks and a checklist for choosing a reliable VPN.
Situación de acoso laboral

Sexual harassment in the company

Sexual harassment in the company. Last October 7, Organic Law 10/2022, of September 6, on the integral guarantee of sexual freedom, came into force.  In its article 12, it contemplates the commission of crimes and other conducts against…
FUTBOL

Sanction for recording underage soccer match

In procedure PS/00313/2021, the Spanish Data Protection Agency (AEPD) has imposed a fine of €3,000 on a company specialized in recording soccer matches for capturing images of minors without prior consent from their parents. Sanction for…
correo electrónico

Sending an email without blind copy

Is it possible to send emails with addresses without blind copy? Sending an email without blind copy can involve fines.  The AEPD states that email addresses are considered personal data. Therefore, their processing must comply with data…

Lack of information on the processing of personal data

The AEPD imposes penalties to real estate companies of up to 5,000 € for not informing the interested party of the processing of their personal data. Several affected parties have filed complaints to the AEPD, in relation to the use of their…

Video Surveillance in Public Spaces: GDPR Limits for Private Cameras

When private cameras may capture public spaces, AEPD limits and a checklist to reduce GDPR sanction risk.
dominios web robados

How to Recover a Domain Name: Legal and Technical Steps

How to recover a lost, hijacked or third-party domain: evidence, registrar, ICANN, trademarks, legal action and prevention.

Bad References About a Former Employee: Employment and GDPR Risks

Giving bad references about a former employee may create employment, reputational and data protection risks without a valid basis.

Black Friday and Privacy Policy

Does your website comply with the Data Protection Law for Black Friday? The importance of the Privacy Policy of websites On August 26, 2022, an individual filed a complaint to the AEPD against a company for not providing sufficient information…
anteproyecto de ley

Whistleblowing Channel: From Draft Law to Law 2/2023 in Spain

The draft law on whistleblowing channels led to Law 2/2023 in Spain. What changed and what companies should review.
instagram influencers

Advertising through influencers

 theInfluencers, the best tool to reach your target audience. Advertising through influencers. The widespread use of the communication strategy in social networks has allowed brands to reach the public in a very simple way through the so-called…

Cyclist fined for taking pictures of car number

A cyclist was fined for taking pictures of car number Cyclist fined for taking pictures of car number. The Bavarian Data Protection Authority (DPA) found the cyclist's action unlawful. The cyclist's aim was to send the pictures to the police…

Microsoft 365 in Schools: Privacy, Cloud Services and GDPR Lessons

Lessons from the Microsoft 365 schools debate: cloud platforms, minors, contracts, international transfers and GDPR compliance.

The DPO in the European Union

In this article we will analyse the figure of the DPO in the EU (European Union). Javier Sempere Samaniego, Data Protection Officer of the Spanish General Council of the Judicial Power, has prepared for the Spanish Professional Privacy Association…
Digital Markets Act DMA obligations for gatekeepers and core platform services in the EU.

Digital Markets Act DMA: key obligations

The Digital Markets Act DMA regulates gatekeepers and core platform services. Key obligations and practical effects for digital businesses in the EU.
Company WhatsApp groups and use of employees phone numbers under the GDPR.

Company WhatsApp groups and GDPR

When companies can add employees to WhatsApp groups and what the GDPR requires: legal basis, minimisation and confidentiality.
Mandatory whistleblowing channel for companies under Spain Law 2/2023.

Mandatory whistleblowing channel for companies in Spain

Spain Law 2/2023 requires many companies to implement an internal whistleblowing channel with confidentiality, deadlines and data protection safeguards.
Digital Services Act DSA obligations for online platforms and intermediary services in the EU.

Digital Services Act DSA: key obligations

The Digital Services Act DSA is now applicable, setting obligations for online platforms, marketplaces, search engines and intermediary services in the EU.

The ICO condened four companies for making abusive commercial calls.

The ICO condened four companies for making abusive commercial calls. These companies have paid a £370,000 fine, for making more than 800,000 abusive commercial calls to individuals.  These phone calls consisted in offering home repairs. They…