E-form (Catalan version available)
In what circumstances?
Any act considered an infringement by the data protection law (LOPD), be it violation of that provided in the law or non-observance of what it establishes, may be reported to the Data Protection Authority.
The different types of infringement – minor, serious and very serious, are defined in the law.
Complaints must be submitted in writing and addressed to the Data Protection Authority.
The complaint must include a description of the facts being brought to the attention of the Authority. When these facts are attributed to a person or organisation included within the scope of authority of the Catalan Data Protection Authority (APDCAT), the inspection department of that institution will open a prior information phase or period to determine whether the facts merit the instigation of sanction proceedings, establish the identity of the person or persons who may be responsible and gather details of the relevant circumstances that may apply. Should these prior actions lead to the conclusion that reasonable grounds exist to impute the commission of an infringement, the Authority will initiate and administer the corresponding sanction proceedings. The result of the inspections will be communicated to the complainant.
When the facts subject of the complaint are attributed to a person or organisation not included within the scope of action of the APDCAT, the complaint will be transferred to the Spanish Data Protection Agency (AEPD), and this will be communicated to the complainant. To obtain information regarding the progress of complaints transferred to the AEPD, complainants can consult the Agency’s website www.agpd.es or call the Agency on 901 100 099.