Resolutions, opinions and reports search tool

The person making the complaint showed that her HC3 was accessed from CABO Centelles on four occasions, during the months of May 2022, despite not having been visited at that health center. In response, the DPD of the reported entity has confirmed that it is the material author of the accesses and has justified them by arguing that they were necessary to be able to respond to a request for information that this Authority notified to the aforementioned entity, within the framework of another complaint. filed by the same person complaining. In relation to this, during the prior information phase it was found that the accesses carried out by the personal data protection delegate to the complainant's HC3 were justified, given that they were carried out in the exercise of his duties. , and to respond to a request from this Authority. For all this, the filing of these proceedings is appropriate.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

The entity had not notified the Catalan Data Protection Authority the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation for the entity. This obligation provided for in the GDPR was fully applicable and enforceable to the entity, since May 2018.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

The entity has not notified the Catalan Data Protection Authority of the appointment of a data protection officer who, in accordance with article 37.1 of the RGPD, is a mandatory appointment by the entity .

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.

In the case of the examining body of the consulting entity, the designation of a collegiate body as a data protection officer would not be contrary to the provisions established in the GDPR and the LOPDGDD. In any case, it must be ensured that its members demonstrate the professional skills required and that no situation occurs in which a conflict of interest arises.

Article 12 on the transparency of information is impotently violated by the publication of DPD contact data that did not correspond to the data of the person who actually performed those functions. This meant that the whistleblower could not have the information that the City Council was obliged to provide, constituting a breach provided for in Article 83.5.b.) GDPR in relation to article 74.a LOPDGDD, 'the incompliance of the principle of the transparence of informationn'.