But what are these infractions? The LOPDGDD (or also LOPD) includes between articles 72 and 74 all the infractions that can be reported to the AEPD, in which case, if successful and proven, they can end up implying the imposition of a sanction for the offender.
In addition to this information, which will be included in the written complaint to the AEPD, you must also provide all the evidence that proves the infringement that motivates the complaint to the data protection agency.
You already know that you can report breaches of the Data Protection Law and the content that the complaint must contain, but you may be wondering “how to report the use of my personal data?”
The first step before reporting to the AEPD is to exercise our ARCO rights, that is, we will have to make a request to the data controller for any of these rights (access, rectification, erasure, limitation, portability or opposition), depending on the type of infringement or abuse that is being committed.
With respect to the workers who form part of these groups, the employer will have to adopt a series of specific measures for prevention, adaptation and protection, in accordance with the indications of the Ministry of Health, which would entail the processing of their health data, for example, for sending them warnings or recommendations or for the transfer of their data to the Heads of Personnel, Heads of Service or Prevention Services.
In short, we could conclude that sending recommendations to sensitive personnel from the prevention or health surveillance service would be lawful, as it is the employer’s duty to offer effective protection in terms of health and safety to its employees, providing information and ensuring the surveillance of their health, adopting for this purpose as many measures as necessary for the protection of the health and safety of workers, among which would be the sending of recommendations and warning of the cause that may be subject to sensitivity, in each case.
We are pleased that you are visiting our website and thank you for your interest. Below we inform you about the handling of your personal data when you use our website. Personal data is all data that allows you to be personally identified.
For security reasons and to protect the transmission of personal data and other sensitive content (e.g. orders or inquiries to the responsible person), this website uses an SSL connection or Internet. TLS encryption. You can recognize an encrypted connection with the string “https: //” and the padlock icon in your browser bar.
In the case of purely informational use of our website, i.e. if you do not register or provide us with information, we only collect the data that your browser transmits to our server (so-called “server log files”). When you visit our website, we collect the following information that is technically necessary for us to display the website:
The General Data Protection Regulation (GDPR) grants rights to users to manage personal data collected by an organization. These rights can be exercised through a data subject request (DTS). The organization must provide timely information on DSRs and data breaches, and conduct data protection impact assessments (DPAs).
The following tasks are related to compliance with the General Data Protection Regulation (GDPR) standards. Follow the links in the list for more information on implementation.
The GDPR grants individuals (or data subjects) certain rights in relation to the processing of their personal data, including the right to correct inaccurate data, erase data or restrict its processing, receive their data and complete a request to transmit it to another data controller. The controller is responsible for providing a prompt and GDPR-compliant response. For technical details, see Requests from data subjects.