Resolutions, opinions and reports search tool

It resolves to punish a city council as responsible for 2 offences provided for in police regulations (LO 7/2021), which were caused by the transfer of the police station to new municipal premises: 1) it lacks the placement of video surveillance camera information posters; and 2) it lacks security measures, due to the fact that everyone has a panel of screens in which real-time images were reproduced through cameras installed in public spaces.

It resolves to sanction the City Council as responsible for three infringements: 1) lack of contract for the processor or equivalent document, 2) lack of information on the ends provided for in art.

The City Council stored a common electronic folder, to which all agents and administrative staff of the Local Police could access, a complaint that the complainant filed about the counting of hours of the service days carried out.

It is decided to admonise the Department of Justice, Rights and Memory since, as of 02/02/2023, when the Organic Law 7/2021, on the protection of personal data processed in the enforcement of criminal sanctions, was already fully applicable, the Department did not provide the prison population with all the information provided for in art. In this regard, no corrective measures are required since, in the letter of allegations that the Department has submitted to the Authority, it claims to have updated the right of information it provides to the prison population when entering a prison, in accordance with the IT 7/2021. In this regard, the entity has provided a copy of the right of information signed by persons who have entered prison during February and March 2023, and it is noted that these are already adapted to the IT 7/2021.

The form of the application in paper format did not include all the information in Article 13 GDPR. The online application form included all the ends of Article 13 of the GDPR, although through a chain of links that made it unreachable and transparent.

Resolution is issued, we imput the principle of accuracy given that a resolution is notified executively in a postal address corresponding to another vehicle of the person concerned; and not in the postal address that is specifically linked to the vehicle sanctioned in the registers of the DGT and that is the correct one in accordance with Article 90 of the LLei transit.

The Agency for the Housing of Catalonia is admonished for breach of the duty of confidentiality, for having communicated to a person (A) the erroneous renewal of another person's registration (B) in the Register of Housing Applicants with Official Protection of Catalonia. This error in turn stemmed from another mistake made by the municipal company under charge, which linked the request for renewal of A to the letter of B.

The Agency is admonished as being responsible for a serious breach of security measures because its main website did not implement a secure website authentication protocol (HTTPS).

It resolves to admonish the ICS as being responsible for the infringement of the principle of confidentiality, since nursing staff would have accessed different clinical histories in an unjustified manner, and it resolves to archive the facts relating to certain accesses that are considered justified. It is also proposed that the entity take disciplinary action against the person responsible for improper access.

The entity has not notified the Catalan Data Protection Authority of the designation of a data protection officer who, according to Article 37.1 of the GDPR, is a mandatory designation by the entity.