The Spanish Data Protection Authority (AEPD) recently imposed a €500,000 fine on Fútbol Club Barcelona for failing to properly conduct a Data Protection Impact Assessment (DPIA) when implementing biometric systems used during the club’s membership census process. This complex decision ultimately focuses on Article 35 GDPR, with the AEPD concluding that the club failed to […]