Categories
News Regulatory Updates

Newsletter – May 2021

Global updates – a quick glance

Chile: A temporary reduction in income tax from business profits (i.e., First Category Income Tax (Impuesto De Primera Categoría/IDPC) from 25% to 10% has been introduced, as a tax relief measure under a Covid-19 emergency plan.

China:

  • An increase in the monthly VAT Exemption limit from RMB 100,000 to RMB 150,000 for small scale taxpayers is declared.
  • A reduction in Tax  for Small and Low-Profit Enterprises with annual taxable income less than RMB 1 million. The effective tax rate will be reduced from 5% to 2.5%

Czech Republic: The introduction of a regulation for screening for investments made by foreign entities from countries outside the EU to gain effective control on the economic activity of the private or public companies in Czech Republic.

Hong Kong: The number of statutory holidays to be increased from 12 days to 17 days a year over the years from 2022 to 2030.

India:Mandatory e-invoicing is applicable for businesses with a turnover exceeding INR 500 million with effect from April 1, 2021

Ireland: ‘Right to disconnect’ code of practice will be effective from April 1, 2021. The Right to Disconnect code gives employees the right to switch off from work outside of normal working hours.

Mexico: A decree reforming labor outsourcing in Mexico has been published. The subcontracting of employees (through PEO) is no longer permitted unless those are for specialized services.

Netherlands: The process for registration of one-stop shop for VAT E-commerce has commenced.

Spain: Beginning April 14, 2021, all companies have to keep a salary register.

CountryGDPR Fines
GermanyThe State Commissioner for Data Protection and Freedom of Information has imposed a fine of EUR 300,000 on “VfB Stuttgart 1893 AG” for negligence in breach of accountability under data protection law in accordance with Article 5 (2) GDPR i.e., Responsibility relating to processing of personal data.
IrelandIrish Credit Bureau DAC fined “EUR 90,000” for Insufficient technical and organizational measures to ensure information security as specified under the provisions of GDPR Act.
NetherlandsDPA (UOOU) fined 11 companies a total of EUR 118,500 for sending unrequested postal advertising messages to the mailboxes of various citizens.
The Dutch Data Protection Authority (DPA) has fined the municipality of Enschede for a sum of EUR 600,000 for utilizing Wi-Fi tracking in the city Centre in a way that is prohibited as a usage of the Wi-Fi which resulted in tracking shoppers and people who live or work in the city Centre.
PolandCyfrowy Polsat (S.A) fined “EUR 245,000” for insufficient technical and organizational measures to ensure information security as specified under the provisions of GDPR Act.
Spain
EUR 8.15 million fine was imposed by the Spanish Data Protection Authority for several breaches of GDPR and national legislation by a multinational telecommunication company and its service providers.
The Spanish Data Protection Agency (“Spanish DPA”), charged the fines (EUR 5,000,000 and 6,000,000) to two enormous Spanish financial entities. The logic for the fine was that they set up new and (nearly) unattainable principles bringing about vulnerability and (in some cases) panic that has spread among organizations. 
The Spanish data protection authority (‘AEPD’), on March 09, 2021, fined Xfera Móviles S.A. for EUR 150,000 because it sent unwanted marketing messages, some of which included information related to third parties and continued to send such messages despite objections by the complainant. The AEPD later reduced the fine to EUR 90,000 due to its immediate payment and Xfera Móviles’ admission of guilt.
The Spanish data protection authority (‘AEPD’), charged two fines on EDP ENERGÍA, SAU, firstly EUR 500,000 for the company’s failure to implement technical as well as organizational security measures for the protection of individuals’ personal data and secondly EUR 1,000,000 for its failure to provide sufficient information to the data subjects when contracting through different service providers.
The Spanish data protection authority (‘AEPD’), charged two fines on EDP Comercializadora SA, firstly EUR 500,000 for the company’s failure to implement technical as well as organizational security measures for the protection of individuals’ personal data and secondly EUR 1,000,000 for its failure to provide sufficient information to the data subjects when contracting through different service providers.
The Spanish data protection authority (‘AEPD’), on April 26, 2021, fined Equifax Ibérica, SL for EUR 1,000,000, against the 96 complaints, for the inclusion of personal data of individuals associated with alleged debts in the File of Judicial Claims and Public Bodies (‘FIJ’), without their consent, and in some cases without such data being accurate.
An energy distribution company named I-De Redes Eléctricas Inteligentes, SAU was fined for EUR 200,000 by The Spanish data protection authority (‘AEPD’) who also observed that the personal data must only be processed for specific, defined, and legitimate purposes, and must not be subsequently processed in a manner inconsistent with such purposes.
The Spanish data protection authority (‘AEPD’), on February 2, 2021, imposed two fines aggregating EURO 100,000 against Iberdrola Clients, SAU regarding denial of the right to erasure of personal data. AEPD imposed a fine of EURO 50,000 for violations of principles of data processing EURO 50,000 for violation of right to be erased.
United KingdomThe Information Commissioner’s Office (‘ICO’) imposed a fine of GBP 250,000 on Leads Work Limited for sending marketing text messages to individuals without their consent.

CLICK HERE FOR FULL REPORT