The Spanish data protection authority ('AEPD') published, on 4 February 2022, its decision in proceeding PS-00322-2021, in which it imposed a fine of €300,000 on SegurCaixa Adeslas, S.A. de Seguros y Reaseguros for violations of Articles 6, 17, and 28 of the General Data Protection Regulation (Regulation (EU) 2016/679) ('GDPR'), following the sending of marketing emails to the complainant, despite the latter's request for deletion of their data, as well as registration of their email address in the Robinson List, i.e. opt-out list of people who do not wish to receive marketing communications. Background to the decision In particular, the AEPD commenced its investigation following the receipt
News
Spain: AEPD fines SegurCaixa Adeslas €300,000 for unsolicited email marketing and failure to facilitate right to erasure
February 8, 2022
Summary
The Spanish Data Protection Authority (AEPD) fined SegurCaixa Adeslas €300,000 for GDPR violations after the company sent marketing emails to an individual who had requested data erasure and was listed on the Robinson List, an opt-out list for marketing communications. The AEPD's investigation, initiated by a complaint, revealed that SegurCaixa Adeslas failed to lawfully process data under Article 6, did not respond to the erasure request as per Article 17, and lacked a proper contract with insurance agents in accordance with Article 28(3) of the GDPR.