GDPR fine 75.000 euro to Spanish Equifax Iberica for Insufficient fulfilment of data subjects rights

The Spanish data protection authority – AEPD, issued, on 9 June 2020, a resolution (‘the Resolution’) in proceeding No. PS/00451/2019 against Equifax Iberica, S.L., fining the company €75,000 for violating Article 6(1)(f) of the General Data Protection Regulation (Regulation (EU) 2016/679) (‘GDPR’).

The Data Subject has requested by e-mail the deletion of his data from the file of the National Association of Financial Credit Institutions (“ASNEF”). Equifax Iberica had replied that the exercise of the complainant’s right was excessive due to an earlier request and that therefore the deletion would not be carried out. This was seen as a breach of data subjects rights for erasure under the GDPR as well as a breach of blocking obligations under national data protection laws.

In addition, the Resolution highlights that Equifax Iberica responded that the exercise of the complainant’s right was excessive and did not proceed with the deletion. As a result, the Resolution states that Equifax Iberica’s conduct amounted to a violation of Article 6(1)(f) of the GDPR, since the company did not comply with the obligation established under Article 20(1)(c) of Organic Law 3/2018, of 5 December 2018, on the Protection of Personal Data and Guarantee of Digital Rights, which provides for the data to remain blocked for 30 days.

Read also:GDPR: Doorstep Dispensaree LTD fined with 320.000 EURO, 100.000 euro fine to Finland Posti Group Oyi

Acronis Cloud Backup 12.5

2X Faster | 15 Seconds RTO | 21 Platforms