Take a fresh look at your lifestyle.

Sending the curriculum and not being answered has a data protection fine: 2,000 euros for not informing the candidate about their treatment and rights

It has happened to many of us who have looked for work through the internet at some time: sending the CV to a company and waiting in aeternum for an answer that never comes. Now, that practice of silent discarding may have its days numbered, since the Spanish Data Protection Agency (AEPD) has just fined a Spanish company -of which they have not shared a name- for not answering a candidate who referred them his CV via WhatsApp, as can be read in the resolution of the sanctioning procedure of the case.

The AEPD understands that the company breached the data protection regulations by not responding with an informative message in which it clarified the treatment that it was going to make of the personal data collected in the curriculum of the affected person or how it could exercise its rights before the person responsible for treating them.

“The collection of personal data through forms included in a web page constitutes data processing, with respect to which the person responsible for the treatment must comply with the provisions of article 13 of the General Data Protection Regulation”, pick up the resolution.

Likewise, the sanctioned company also incurred a breach of data protection regulations by not properly identifying on its website its data protection officer, the rights of its users, or the means to exercise their rights.

The agency indicates that it has informed the affected company of the sanctioning process so that it could present allegations and evidence that contradict the facts reported, but the company has not responded to those requirements either, so the AEPD has resolved to find it with an amount of 2,000 euros.

For the agency to have acted, the candidate’s complaint has been necessary, who presented evidence of what happened that was later investigated and confirmed by the AEPD. The body in charge of ensuring data protection in Spain has imposed a lower sanction if we compare it with fines such as that received by BBVA and La Caixa since non-compliance with the principles of transparency and the right to information are considered minor infractions and there have been several extenuating circumstances: the company was not a large company, it had not committed any such infractions before, and it has not derived direct benefits from the offense.