The APDCAT registered 79 % more complaints and claims in 2021

From 1 January to 31 December 2021, the Catalan Data Protection Authority (APDCAT) has investigated and investigated 423 complaints and claims, a figure that represents 79 % more than the previous year. In addition to the complaints that have been transferred to the Spanish Data Protection Agency, as they are matters within its competence, the total number of complaints and claims submitted to the APDCAT in the last year has been 685.

Despite the exceptional situation caused by the pandemic, this very significant increase in relation to the 2020 figures clearly consolidates the upward trend that had been observed in previous years.

268 investigations following allegations

Thus, the APDCAT has initiated a total of 268 preliminary information actions as a result of complaints made to the Authority, 58 % more than in 2020, in which 170 were registered.

In 2021, 84 resolutions were issued that ended sanctioning procedures (some of them initiated the previous year) and 99 archival resolutions, considering that there were not or could not be accredited indications of infringement.

Relating the sanctioning procedures resolved in 2021, following the trend of other years, most are related to the field of health and the exercise of administrative powers. Also noteworthy are those related to education, internet / social media and human resources.

The highest number of infringements reported in sanctioning proceedings ending in 2021 has to do, as in other years, with the violation of the principle of confidentiality. The violation of the principle of minimization remains the most frequent infraction. Also noteworthy are infringements related to lack of legality, violation of the right to information and the principle of transparency, as well as violations related to information security.

The actions carried out by the APDCAT in the exercise of the power of inspection and control do not only seek to correct any irregular behavior that is detected, by imposing corrective measures. Also, and most importantly, they are intended to prevent further infringements of applicable personal data protection regulations.

134 % more rights protection claims

As for the protection of rights, 155 complaints were received in 2021, an increase of 134 % compared to 2020, when 66 were received. As for the resolved procedures, the APDCAT has issued 130 resolutions that have put an end to rights protection procedures, compared to the 63 that were issued in 2020, which represents an increase of 107 %.

Attention to the public and entities

In addition, a total of 1,604 requests for information were received from the customer service. The service is available to any person or entity who wishes to request information, file a complaint or ask questions regarding the application of personal data protection legislation. This service also provides information on courses, conferences, seminars, seminars and other training and outreach activities organized by the Authority or in which it participates. The main channel of entry for users has been e-mail, followed by telephone and, thirdly, e-mail.

The APDCAT also offers a consulting service aimed at people responsible for and in charge of processing and the entities or institutions included in its area of ​​competence, which want to adapt their action to data protection regulations. Thus, it is possible asking for advice when starting a new project that has an impact on the field of data protection or at any other time in the processing of personal data. In this sense, in 2021, 265 consultations were proposed, which led to multiple actions, a figure similar to 2020.

With regard to the matters of the inquiries addressed to the service, the main issues have been those related to the regulations and the implementation of the obligations established by the RGPD and the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD). for the persons responsible and in charge of processing and, also, the access or cession of information that contains personal data.