The Spanish Data Protection Agency (AEPD) has issued a warning sanction to the Arrecife City Council for not appointing a data protection delegate or communicating it to the relevant authority, thus incurring a possible infraction. This was announced by the agency through a published list of sanctioned organizations.
On two occasions, the Data Protection Subdirectorate notified the Arrecife City Council that it should designate a data protection delegate and communicate it to the Agency. In addition, it also warned that failure to do so within ten days could result in sanctions. These notifications took place on February 17 and April 26 of last year.
The Agency checked again on July 18, 2022, whether the Arrecife City Council had already presented its delegate. After that, two days later, the Director of the Spanish Data Protection Agency, Mar España Martí, agreed to initiate a sanctioning procedure against the City Council. The reason was an alleged infraction of article 37 of the Data Protection Law.
The Arrecife City Council did not present any allegations against the initiation of the sanctioning file. For that reason, the Spanish Data Protection Agency proceeded to warn the consistory. Now, the City Council has one month to prove that it has appointed a CEO.
This administrative infraction is classified as serious and could carry maximum fines of up to 100,000 euros for public administrations. For the moment, the AEPD has not financially sanctioned the consistory.