Sending the curriculum and not being answered has a data protection fine: 2,000 euros for not informing the candidate about their treatment and rights
It has happened to many of us who have looked for work through the internet at some time: send the CV to a company and wait forever an answer that never comes. Now, that practice of silent disposal may have its days numbered, since the Spanish Agency for Data Protection (AEPD) has just fined a Spanish company -of which they have not shared a name- for not answering a candidate who sent them his resume via WhatsApp, as can be read in the resolution of the sanctioning procedure of the case.
The AEPD understands that the company breached data protection regulations by not responding with an informative message in which he clarified the treatment that he was going to do with the personal data collected in the curriculum of the affected person or how they could exercise their rights before the person responsible for treating them.
“The collection of personal data through forms included in a web page constitutes a data processing, with respect to which the data controller must comply with the provisions in article 13 of the General Data Protection Regulation ”, includes the resolution.
Likewise, the sanctioned company also incurred a violation of data protection regulations by not properly identifying your data protection officer on its website, the rights of its users or the means to exercise their rights.
The agency indicates that it has informed the affected company of the sanctioning process, so that it could present allegations and evidence that contradict the facts denounced, but the company has not responded to these requirements either, for which the AEPD has resolved to fine her with an amount of 2,000 euros.
For the agency to have acted It was necessary to report the candidate, who presented evidence of what happened which was later investigated and confirmed by the AEPD. The body in charge of ensuring data protection in Spain has imposed a lower sanction if we compare it with the fines such as that received by BBVA and La Caixa, since non-compliance with the principles of transparency and the right to information are considered minor infractions. and there have been several extenuating circumstances: the company was not a large company, it had not committed any such infractions before, and it has not derived direct benefits from the offense.