The degree of responsibility of the controller or processor, taking into account the technical or organizational measures they have applied; Any previous infringement committed by the controller or processor; The degree of cooperation with the supervisory authority in order to remedy the infringement and mitigate the possible adverse effects of the infringement; The categories of personal data affected by the breach; The way in which the supervisory authority became aware of the infringement , in particular whether the controller or processor notified the infringement and, if so, to what extent; When the measures indicated in Article 58.
Highlighting the issues of
Adherence to codes of conduct; Any other aggravating or mitigating factor applicable to the circumstances of the case, such as financial benefits obtained or losses avoided, directly or indirectly, through the infringement. Finally, and for comparative purposes, I would like to highlight the news that has occurred in which different large-volume companies appear, such as Facebook and WhatsApp, sanctioned for non-compliance UK Number Data with the provisions of the Data Protection Law. On September 11, 2017, we learned through different publications that the Spanish Data Protection Agency, hereinafter AEPD, had imposed a fine of 1.2 million euros on Facebook.
The AEPD has considered
Facebook collects, stores and uses user information for advertising purposes without having obtained prior authorization to do so. Under the literal meaning of article 7 of the LOPD, there are different data that the Sweden Phone Number List legislator has considered treating as specially protected data, and therefore, their processing depends on compliance with certain requirements, such as the need to have express consent. and in writing from the affected party when the data processed reveals aspects about ideology, union membership, religion and beliefs. In the case that concerns us, the AEPD has considered that the company Facebook has obtained.