Show all guides
Europe
GDPR

Spain’s AEPD fines Iberinform €720,000 for improper data processing

Last update:
Sep 30, 2025

Spain’s data protection authority (AEPD) fined Iberinform Internacional S.A. €720,000 after concluding the company processed personal data of self-employed professionals without adequately informing them as required by law. The company claimed that informing all relevant users would have demanded hefty budgets, a claim the regulator has rejected. 

The data in question included personal details such as the subject’s name, ID number, contact information, and address. The AEPD held that collecting and processing this data must comply with the GDPR's requirements for fairness, purpose limitation, and transparency. This fine, yet again, signals the current heightened scrutiny of data use and access to personal information. Companies are expected to inform users and obtain consent, even if the process is relatively costly.

The full guidelines can be found
here

Related Guides

Irish DPC Fines Meta 390M Euros over Legal Basis for Personalized Ads

January 5, 2023

After lengthy review, the Irish DPC issued a massive fine to Meta over its failure to give opt-in for personalized ads.
Europe
GDPR

EDPB releases opinion on training AI models

December 15, 2024

The EDPB released an opinion on GDPR compliance when training AI models, addressing anonymization, legitimate interest, and criteria for lawful data use.
Europe
GDPR
The information provided on this website does not, and is not intended to, constitute legal advice; instead, all information, content, and materials available on this site are for general informational purposes only