{"id":14101,"date":"2026-05-27T15:14:52","date_gmt":"2026-05-27T13:14:52","guid":{"rendered":"https:\/\/www.arcadsoftware.com\/dot\/?p=14101"},"modified":"2026-05-29T09:50:54","modified_gmt":"2026-05-29T07:50:54","slug":"data-breaches-in-spain-what-the-2026-aepd-report-reveals","status":"publish","type":"post","link":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/","title":{"rendered":"Data breaches in Spain: what the 2026 AEPD report reveals"},"content":{"rendered":"<p><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-1 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-right-small:20px;--awb-padding-left-small:20px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-0 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:20px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:10px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"text-align:center;--awb-max-width:600px;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-1 hover-type-none\" style=\"border-radius:8px;\"><img decoding=\"async\" width=\"600\" height=\"224\" alt=\"Data breaches in Spain: AEPD 2026 report and anonymization\" src=\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\" data-orig-src=\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\" class=\"lazyload img-responsive wp-image-14088\" srcset=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27600%27%20height%3D%27224%27%20viewBox%3D%270%200%20600%20224%27%3E%3Crect%20width%3D%27600%27%20height%3D%27224%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-srcset=\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization-200x75.png 200w, https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization-400x149.png 400w, https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png 600w\" data-sizes=\"auto\" data-orig-sizes=\"(max-width: 640px) 100vw, 600px\" \/><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-1 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:10px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-1 sm-text-align-left author\" style=\"--awb-content-alignment:center;\"><p>By Pierre Henriet \u00b7 May 27, 2026<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-2 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-right:20px;--awb-padding-left:20px;--awb-flex-wrap:wrap;\" id=\"blog-content\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-2 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-2\" style=\"--awb-content-alignment:left;\"><p><strong>357 million people notified of a data breach since 2024. And in the first four months of 2026 alone, the AEPD (Spanish Data Protection Agency) has already received nearly two-thirds of what 2025 saw in total.<\/strong><\/p>\n<p>The AEPD logs the breach notifications it receives and now publishes the details <a href=\"https:\/\/www.aepd.es\/derechos-y-deberes\/cumple-tus-deberes\/medidas-de-cumplimiento\/brechas-de-datos-personales-notificacion\/notificaciones-de-brechas-de-datos-personales\" target=\"_blank\" rel=\"noopener noreferrer\">in an interactive dashboard<\/a>: volume, sectors affected, victim profiles, severity, attack methods, and geography. This transparency is valuable. Companies can benchmark their risk exposure, DPOs can build a case for their board, and CISOs can right-size their investments.<\/p>\n<p><a style=\"font-size: 12px;\" href=\"https:\/\/info.arcadsoftware.com\/es\/entrada-de-blog-brechas-de-datos-en-espa%C3%B1a-lo-que-revela-el-informe-de-la-aepd-2026\" target=\"_blank\" rel=\"noopener\">\u00bb Read this article in Spanish<\/a><\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-3 fusion_builder_column_2_3 2_3 fusion-flex-column to-remember\" style=\"--awb-padding-top:15px;--awb-padding-right:25px;--awb-padding-bottom:5px;--awb-padding-left:25px;--awb-overflow:hidden;--awb-bg-size:cover;--awb-border-radius:9px 9px 9px 9px;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-3 fusion-text-no-margin\" style=\"--awb-margin-bottom:0px;\"><p><span class=\"title\">Key takeaways<\/span><\/p>\n<\/div><ul style=\"--awb-size:14px;--awb-margin-bottom:20px;--awb-item-padding-top:6px;--awb-item-padding-bottom:0px;--awb-line-height:23.8px;--awb-icon-width:23.8px;--awb-icon-height:23.8px;--awb-icon-margin:9.8px;--awb-content-margin:33.6px;--awb-circlecolor:#1a80b6;--awb-circle-yes-font-size:12.32px;\" class=\"fusion-checklist fusion-checklist-1 type-numbered\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\">1<\/span><div class=\"fusion-li-item-content\">\n<p><strong>2026 is on track to break records:<\/strong> 1,737 notifications in 4 months, compared to 2,600 for all of 2025.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\">2<\/span><div class=\"fusion-li-item-content\">\n<p><strong>Tourism and healthcare<\/strong>, the hardest hit with 97 and 93 notifications: two of Spain's biggest industries.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\">3<\/span><div class=\"fusion-li-item-content\">\n<p><strong>68% of breaches are intentional<\/strong>: phishing, ransomware, and unauthorized access dominate.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\">4<\/span><div class=\"fusion-li-item-content\">\n<p><strong>Anonymization, the structural fix<\/strong>: anonymized data that leaks is no longer a notifiable breach.<\/p>\n<\/div><\/li><\/ul><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-4 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-1 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">1. 2026 is breaking records<\/h2><\/div><div class=\"fusion-text fusion-text-4\" style=\"--awb-content-alignment:left;\"><p>The numbers are stark. Between 2024 and April 2026, the AEPD received <strong>7,041 breach notifications<\/strong>: 2,704 in 2024, 2,600 in 2025, and already <strong>1,737 in the first four months of 2026 alone<\/strong>. At this rate, 2026 will easily surpass both previous years.<\/p>\n<p>Even more striking: March 2026 alone recorded <strong>762 notifications<\/strong>, an all-time high. April followed with 502 new notifications. This isn't statistical background noise anymore \u2014 it's a tipping point.<\/p>\n<p>The human scale is staggering: <strong>357 million people notified in total<\/strong>, including 209 million in 2025 alone. The peaks in October and November 2025 (close to 60 million people notified each month) suggest one or more nationwide mega-breaches.<\/p>\n<\/div><div class=\"fusion-title title fusion-title-2 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">2. Who are the victims?<\/h2><\/div><div class=\"fusion-text fusion-text-5\" style=\"--awb-content-alignment:left;\"><p>The AEPD report tells us a lot about who gets hit. Unsurprisingly, <strong>customers and citizens dominate<\/strong> (268 cases), followed by <strong>employees<\/strong> (145). Worth noting: leaks affect external data as much as organizations' internal HR data.<\/p>\n<p>The most sensitive number is elsewhere: <strong>113 breaches involve special categories <\/strong>\u2014 data with extra legal protection. And among these, <strong>105 cases involve <a href=\"\/dot\/resources\/blog-en\/health-data-anonymization-challenges-techniques-and-best-practices-for-ai-and-medical-research\/\">health data<\/a><\/strong>, whether of patients (80) or employees (25). Then: trade union membership (11), genetic data (6), racial or ethnic origin (5),  and more rarely, religion, sex life, or political views.<\/p>\n<p>Severity is mixed: 311 breaches are classified as low severity, 98 as medium severity, and <strong>23 as high severity<\/strong>. Another 69 cases have unknown consequences \u2014 a blind spot worth watching.<\/p>\n<\/div><div class=\"fusion-title title fusion-title-3 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">3. Tourism and healthcare on the front line<\/h2><\/div><div class=\"fusion-text fusion-text-6\" style=\"--awb-content-alignment:left;\"><p>The sector split is obvious. With <strong>97 notifications for tourism and 93 for healthcare<\/strong>, two of Spain's biggest industries account for the bulk of incidents. Behind them: retail (36), education (24), IT services (21), and private insurance (12).<\/p>\n<p>This isn't coincidental. The tourism sector handles enormous volumes of personal data (passports, payment methods, travel data) often shared between multiple partners (hotels, agencies, booking platforms). Healthcare deals in ultra-sensitive data by nature \u2014 and its information systems have long been fragmented and hard to secure.<\/p>\n<p>On the map: <strong>Madrid (135 notifications), Catalonia (114), and the Valencian Community (52)<\/strong> lead the count. The report also records 81 cross-border breaches, 53 of which involve France. In Europe, risk doesn't stop at national borders.<\/p>\n<\/div><div class=\"fusion-title title fusion-title-4 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">4. Most concerning: 68% of breaches are intentional<\/h2><\/div><div class=\"fusion-text fusion-text-7\" style=\"--awb-content-alignment:left;\"><p>This is the report's most striking number, by far. Of the 502 notifications filed through the AEPD's online form:<\/p>\n<\/div><ul style=\"--awb-size:16px;--awb-margin-top:-15px;--awb-item-padding-top:0px;--awb-iconcolor:var(--awb-color4);--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color1);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-2 type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>310 are classified as intentional<\/strong>, deliberate attacks<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>144 are accidental or unintentional<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>48 of unknown origin<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-8\" style=\"--awb-content-alignment:left;--awb-margin-top:20px;\"><p><strong>Roughly two in three breaches are deliberate attacks<\/strong>. And by type, <b>462 hit data confidentiality<\/b> (compared to 98 for availability and 12 for integrity). Bottom line: these aren't technical failures \u2014 they're leaks.<\/p>\n<p>Look at the attack methods:<\/p>\n<\/div><ul style=\"--awb-size:16px;--awb-margin-top:-15px;--awb-item-padding-top:0px;--awb-iconcolor:var(--awb-color4);--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color1);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-3 type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\"><strong>Unauthorized system access:<\/strong> 261 cases<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\"><strong>Phishing \/ compromised user or admin account:<\/strong> 144 cases<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Ransomware \/ device encryption:<\/strong> 117 cases<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Data sent in error: 48<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Technical incident: 33<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Data displayed to the wrong recipient: 31<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>Employee privilege abuse: 14<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-9\" style=\"--awb-content-alignment:left;--awb-margin-top:20px;\"><p>The top three methods alone (unauthorized access, phishing, ransomware) account for more than 500 incidents. What they share: <strong>an attacker gets to real data sitting in a live system<\/strong>. Which raises the question: did that data really need to be there in its real form?<\/p>\n<\/div><div class=\"fusion-title title fusion-title-5 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">5. Non-production data: an underestimated risk<\/h2><\/div><div class=\"fusion-text fusion-text-10\" style=\"--awb-content-alignment:left;\"><p>The AEPD's statistics record breaches affecting production systems. But they overlook a reality every CIO knows: production data is systematically copied into other environments \u2014 development, testing, QA, training, analytics.<\/p>\n<p>These copies create real risk:<\/p>\n<\/div><ul style=\"--awb-size:16px;--awb-margin-top:-15px;--awb-item-padding-top:0px;--awb-iconcolor:var(--awb-color4);--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color1);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-4 type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>They sit outside the security controls that protect production.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>External providers, subcontractors, and developers often have access.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>They get exported to the cloud, SaaS tools, and personal laptops.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-chevron-right fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p>They expand the attack surface without adding any business value.<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-text fusion-text-11\" style=\"--awb-content-alignment:left;--awb-margin-top:20px;\"><p>GDPR Article 5 lays down a minimization rule: only process data you actually need for the job. The Spanish LOPDGDD goes further: <a href=\"https:\/\/www.boe.es\/buscar\/pdf\/2018\/BOE-A-2018-16673-consolidado.pdf\" target=\"_blank\" rel=\"noopener noreferrer\">its Article 72 classifies as a very serious offense \"the deliberate reversal of an anonymization process aimed at enabling the re-identification of the data subjects\"<\/a>. That's a strong signal \u2014 and it sets a high bar: only robust, irreversible anonymization actually protects.<\/p>\n<p>In practice, though, minimization rarely makes it outside production. A developer does not need to know a customer's real name, real address, or real card number to test a feature.<\/p>\n<\/div><div class=\"fusion-title title fusion-title-6 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">6. Anonymization: the only structural response<\/h2><\/div><div class=\"fusion-text fusion-text-12\" style=\"--awb-content-alignment:left;\"><p>One response actually works: <strong>irreversible data anonymization<\/strong>. Unlike security tools that try to block access, anonymization addresses the problem before it starts: it turns real data into fake data, still useful for the business, useless if it leaks.<\/p>\n<p>This distinction matters: <strong>anonymized data that leaks is no longer a notifiable breach<\/strong>. Today, it's the only approach that kills the risk at the source instead of trying to contain it.<\/p>\n<p>The AEPD itself pushes these techniques and has published several how-to guides on the subject. <a href=\"https:\/\/www.enforcementtracker.com\/\" target=\"_blank\" rel=\"noopener noreferrer\">The Spanish regulator is one of the most advanced in Europe<\/a> here.<\/p>\n<\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-5 fusion_builder_column_2_3 2_3 fusion-flex-column cta-box\" style=\"--awb-padding-top:25px;--awb-padding-right:20px;--awb-padding-bottom:30px;--awb-padding-left:20px;--awb-bg-image:radial-gradient(circle at center center, #daeaf65e 0%,#daeaf61a 100%);--awb-bg-size:cover;--awb-box-shadow:3px 3px 4px 0px #daeaf65e;;--awb-border-color:var(--awb-color5);--awb-border-style:solid;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-13 fusion-text-no-margin\" style=\"--awb-content-alignment:center;--awb-font-size:22px;--awb-text-color:var(--awb-color6);--awb-margin-bottom:15px;--awb-text-font-family:&quot;Poppins&quot;;--awb-text-font-style:normal;--awb-text-font-weight:800;\"><p>Reduce your attack surface with DOT Anonymizer<\/p>\n<\/div><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-medium button-custom fusion-button-default button-1 fusion-button-default-span fusion-button-default-type\" style=\"--button_accent_color:#ffffff;--button_border_color:var(--awb-color6);--button_accent_hover_color:var(--awb-color1);--button_border_hover_color:var(--awb-color6);--button_gradient_top_color:var(--awb-color6);--button_gradient_bottom_color:var(--awb-color6);--button_gradient_top_color_hover:var(--awb-color6);--button_gradient_bottom_color_hover:var(--awb-color6);\" target=\"_self\" data-hover=\"text_slide_up\" href=\"\/dot\/\"><div class=\"awb-button-text-transition  awb-button__hover-content--centered\"><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Discover DOT Anonymizer<\/span><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Discover DOT Anonymizer<\/span><\/div><\/a><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-6 fusion_builder_column_2_3 2_3 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-7 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">7. DOT Anonymizer: a practical answer<\/h2><\/div><div class=\"fusion-text fusion-text-14\"><p><a href=\"\/dot\/\">DOT Anonymizer \u2014 ARCAD Software's anonymization solution<\/a> \u2014 is built for complex, heterogeneous information systems. Environments like these are common in tourism, healthcare, banking, and insurance \u2014 precisely those highlighted by the AEPD report.<\/p>\n<p>Here's how DOT Anonymizer addresses them:<\/p>\n<\/div><ul style=\"--awb-size:16px;--awb-margin-top:-15px;--awb-item-padding-top:0px;--awb-iconcolor:var(--awb-color4);--awb-line-height:27.2px;--awb-icon-width:27.2px;--awb-icon-height:27.2px;--awb-icon-margin:11.2px;--awb-content-margin:38.4px;--awb-circlecolor:var(--awb-color1);--awb-circle-yes-font-size:14.08px;\" class=\"fusion-checklist fusion-checklist-5 type-icons\"><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-square fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Multi-DBMS coverage:<\/strong> Oracle, SQL Server, PostgreSQL, MySQL, DB2, flat files\u2026 It works across every source \u2014 no need to rebuild your IS.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-square fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>Referential consistency:<\/strong> the anonymized data still works for testing, development, and analytics. The same customer keeps the same fake identity across all databases.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-square fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><strong>GDPR and LOPDGDD compliance:<\/strong> the techniques line up with the AEPD's and EDPB's anonymization recommendations.<\/p>\n<\/div><\/li><li class=\"fusion-li-item\" style=\"\"><span class=\"icon-wrapper circle-yes\"><i class=\"fusion-li-icon fa-check-square fas\" aria-hidden=\"true\"><\/i><\/span><div class=\"fusion-li-item-content\">\n<p><span style=\"background-color: rgba(255, 255, 255, 0);\"><strong>Built to scale<\/strong>: rapid deployment across non-production environments, with automated refresh cycles<\/span>.<\/p>\n<\/div><\/li><\/ul><div class=\"fusion-title title fusion-title-8 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:24px;--awb-margin-left-small:0px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"margin:0;--fontSize:54;line-height:1.14;\">8. The question is no longer \"if\", but \"when\"<\/h2><\/div><div class=\"fusion-text fusion-text-15\"><p>357 million notifications. 68% intentional attacks. A sharp acceleration in 2026. The AEPD report is unambiguous: <strong><a href=\"\/dot\/resources\/blog-en\/preventing-data-breaches-through-anonymization\/\">data leaks are structural, and they're growing<\/a><\/strong>.<\/p>\n<p>Securing production isn't enough on its own. As long as real data lives in test, development, and training environments, the attack surface will stay huge. Anonymization is finally the right-sized response.<\/p>\n<\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-3 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-right:20px;--awb-padding-left:20px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-7 fusion_builder_column_2_3 2_3 fusion-flex-column cta-box\" style=\"--awb-padding-top:25px;--awb-padding-right:40px;--awb-padding-bottom:30px;--awb-padding-left:40px;--awb-bg-image:radial-gradient(circle at center center, #daeaf65e 0%,#daeaf61a 100%);--awb-bg-size:cover;--awb-box-shadow:3px 3px 4px 0px #daeaf65e;;--awb-border-color:var(--awb-color5);--awb-border-style:solid;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-text fusion-text-16 fusion-text-no-margin\" style=\"--awb-content-alignment:center;--awb-font-size:22px;--awb-text-color:var(--awb-color6);--awb-margin-bottom:15px;--awb-text-font-family:&quot;Poppins&quot;;--awb-text-font-style:normal;--awb-text-font-weight:800;\"><p>Protect your non-production environments<\/p>\n<\/div><div style=\"text-align:center;\"><a class=\"fusion-button button-flat button-medium button-custom fusion-button-default button-2 fusion-button-default-span fusion-button-default-type\" style=\"--button_accent_color:#ffffff;--button_border_color:var(--awb-color6);--button_accent_hover_color:var(--awb-color1);--button_border_hover_color:var(--awb-color6);--button_gradient_top_color:var(--awb-color6);--button_gradient_bottom_color:var(--awb-color6);--button_gradient_top_color_hover:var(--awb-color6);--button_gradient_bottom_color_hover:var(--awb-color6);\" target=\"_self\" data-hover=\"text_slide_up\" href=\"\/dot\/\"><div class=\"awb-button-text-transition  awb-button__hover-content--centered\"><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Request a demo<\/span><span class=\"fusion-button-text awb-button__text awb-button__text--default\">Request a demo<\/span><\/div><\/a><\/div><\/div><\/div><\/div><\/div><div class=\"fusion-fullwidth fullwidth-box fusion-builder-row-4 fusion-flex-container nonhundred-percent-fullwidth non-hundred-percent-height-scrolling\" style=\"--awb-border-radius-top-left:0px;--awb-border-radius-top-right:0px;--awb-border-radius-bottom-right:0px;--awb-border-radius-bottom-left:0px;--awb-padding-top:45px;--awb-padding-bottom:45px;--awb-padding-right-small:20px;--awb-padding-left-small:20px;--awb-flex-wrap:wrap;\" ><div class=\"fusion-builder-row fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"max-width:1248px;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column fusion-builder-column-8 fusion_builder_column_2_3 2_3 fusion-flex-column author\" style=\"--awb-padding-top:25px;--awb-padding-right:25px;--awb-padding-bottom:25px;--awb-padding-left:25px;--awb-bg-color:var(--awb-color1);--awb-bg-color-hover:var(--awb-color1);--awb-bg-size:cover;--awb-box-shadow:2px 1px 4px 0px rgba(33,41,52,0.41);;--awb-width-large:66.666666666667%;--awb-margin-top-large:0px;--awb-spacing-right-large:2.88%;--awb-margin-bottom-large:20px;--awb-spacing-left-large:2.88%;--awb-width-medium:66.666666666667%;--awb-order-medium:0;--awb-spacing-right-medium:2.88%;--awb-spacing-left-medium:2.88%;--awb-width-small:100%;--awb-order-small:0;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-builder-row fusion-builder-row-inner fusion-row fusion-flex-align-items-flex-start fusion-flex-justify-content-center fusion-flex-content-wrap\" style=\"--awb-flex-grow:0;--awb-flex-grow-medium:0;--awb-flex-grow-small:0;--awb-flex-shrink:0;--awb-flex-shrink-medium:0;--awb-flex-shrink-small:0;width:104% !important;max-width:104% !important;margin-left: calc(-4% \/ 2 );margin-right: calc(-4% \/ 2 );\"><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-0 fusion_builder_column_inner_1_5 1_5 fusion-flex-column\" style=\"--awb-bg-size:cover;--awb-width-large:20%;--awb-margin-top-large:20px;--awb-spacing-right-large:0%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:9.6%;--awb-width-medium:20%;--awb-order-medium:0;--awb-spacing-right-medium:0%;--awb-spacing-left-medium:9.6%;--awb-width-small:100%;--awb-order-small:0;--awb-margin-top-small:0px;--awb-spacing-right-small:0%;--awb-margin-bottom-small:0px;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-image-element \" style=\"--awb-max-width:130px;--awb-caption-title-font-family:var(--h2_typography-font-family);--awb-caption-title-font-weight:var(--h2_typography-font-weight);--awb-caption-title-font-style:var(--h2_typography-font-style);--awb-caption-title-size:var(--h2_typography-font-size);--awb-caption-title-transform:var(--h2_typography-text-transform);--awb-caption-title-line-height:var(--h2_typography-line-height);--awb-caption-title-letter-spacing:var(--h2_typography-letter-spacing);\"><span class=\" fusion-imageframe imageframe-none imageframe-2 hover-type-none\" style=\"border-radius:50px;\"><img decoding=\"async\" width=\"200\" height=\"200\" alt=\"Pierre Henriet, anonymization specialist\" src=\"data:image\/svg+xml,%3Csvg%20xmlns%3D%27http%3A%2F%2Fwww.w3.org%2F2000%2Fsvg%27%20width%3D%27200%27%20height%3D%27200%27%20viewBox%3D%270%200%20200%20200%27%3E%3Crect%20width%3D%27200%27%20height%3D%27200%27%20fill-opacity%3D%220%22%2F%3E%3C%2Fsvg%3E\" data-orig-src=\"https:\/\/www.arcadsoftware.fr\/dot\/wp-content\/uploads\/2026\/05\/pierre-henriet.png\" class=\"lazyload img-responsive wp-image-14086\"\/><\/span><\/div><\/div><\/div><div class=\"fusion-layout-column fusion_builder_column_inner fusion-builder-nested-column-1 fusion_builder_column_inner_3_4 3_4 fusion-flex-column fusion-flex-align-self-center\" style=\"--awb-bg-size:cover;--awb-width-large:75%;--awb-margin-top-large:20px;--awb-spacing-right-large:2.56%;--awb-margin-bottom-large:0px;--awb-spacing-left-large:2.56%;--awb-width-medium:75%;--awb-order-medium:0;--awb-spacing-right-medium:2.56%;--awb-spacing-left-medium:2.56%;--awb-width-small:100%;--awb-order-small:0;--awb-margin-top-small:0px;--awb-spacing-right-small:1.92%;--awb-spacing-left-small:1.92%;\"><div class=\"fusion-column-wrapper fusion-column-has-shadow fusion-flex-justify-content-flex-start fusion-content-layout-column\"><div class=\"fusion-title title fusion-title-9 fusion-sep-none fusion-title-text fusion-title-size-two\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top:0px;--awb-margin-bottom:7px;--awb-margin-top-small:12px;--awb-margin-right-small:0px;--awb-margin-bottom-small:5px;--awb-margin-left-small:0px;--awb-font-size:13px;\"><h2 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"font-family:&quot;Poppins&quot;;font-style:normal;font-weight:500;margin:0;font-size:1em;--fontSize:13;--minFontSize:13;line-height:1.14;\">About the author<\/h2><\/div><div class=\"fusion-title title fusion-title-10 fusion-sep-none fusion-title-text fusion-title-size-three\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top:0px;--awb-margin-bottom:0px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:0px;--awb-margin-left-small:0px;--awb-font-size:22px;\"><h3 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"font-family:&quot;Poppins&quot;;font-style:normal;font-weight:600;margin:0;font-size:1em;--fontSize:22;--minFontSize:22;line-height:1.26;\">Pierre Henriet<\/h3><\/div><div class=\"fusion-title title fusion-title-11 fusion-sep-none fusion-title-text fusion-title-size-four\" style=\"--awb-text-color:var(--awb-color6);--awb-margin-top:0px;--awb-margin-bottom:7px;--awb-margin-top-small:0px;--awb-margin-right-small:0px;--awb-margin-bottom-small:10px;--awb-margin-left-small:0px;--awb-font-size:16px;\"><h4 class=\"fusion-title-heading title-heading-left fusion-responsive-typography-calculated\" style=\"font-family:&quot;Poppins&quot;;font-style:normal;font-weight:400;margin:0;font-size:1em;--fontSize:16;--minFontSize:16;line-height:1.4;\">Specialist in data anonymization solutions<\/h4><\/div><div class=\"fusion-text fusion-text-17 fusion-text-no-margin\" style=\"--awb-font-size:14px;--awb-line-height:1.4;--awb-margin-bottom:0px;--awb-text-font-family:&quot;Poppins&quot;;--awb-text-font-style:normal;--awb-text-font-weight:400;\"><p>A graduate of a Master's in Information Systems Management and Digital Innovation from the Universit\u00e9 Savoie Mont Blanc, Pierre joined ARCAD Software, where he supports European companies in their sensitive data anonymization projects. With sales experience built in international B2B environments, he focuses on bridging IT and business teams to ensure the success of software implementation projects.<\/p>\n<p>For any question about anonymization, <a href=\"\/dot\/contact\/\">contact our specialists.<\/a><\/p>\n<\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/div><\/p>\n","protected":false},"excerpt":{"rendered":"<p>Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.<\/p>\n","protected":false},"author":1,"featured_media":14088,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[113],"tags":[],"class_list":["post-14101","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-blog-en"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>Data Breaches in Spain: 2026 AEPD Report<\/title>\n<meta name=\"description\" content=\"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"Data Breaches in Spain: 2026 AEPD Report\" \/>\n<meta property=\"og:description\" content=\"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.\" \/>\n<meta property=\"og:url\" content=\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\" \/>\n<meta property=\"og:site_name\" content=\"DOT - Data Oriented Testing\" \/>\n<meta property=\"article:published_time\" content=\"2026-05-27T13:14:52+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-05-29T07:50:54+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\" \/>\n\t<meta property=\"og:image:width\" content=\"600\" \/>\n\t<meta property=\"og:image:height\" content=\"224\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"arcad74\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"arcad74\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"6 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\"},\"author\":{\"name\":\"arcad74\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1\"},\"headline\":\"Data breaches in Spain: what the 2026 AEPD report reveals\",\"datePublished\":\"2026-05-27T13:14:52+00:00\",\"dateModified\":\"2026-05-29T07:50:54+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\"},\"wordCount\":5393,\"image\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\",\"articleSection\":[\"Blog\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\",\"url\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\",\"name\":\"Data Breaches in Spain: 2026 AEPD Report\",\"isPartOf\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\",\"datePublished\":\"2026-05-27T13:14:52+00:00\",\"dateModified\":\"2026-05-29T07:50:54+00:00\",\"author\":{\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1\"},\"description\":\"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.\",\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage\",\"url\":\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\",\"contentUrl\":\"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png\",\"width\":600,\"height\":224,\"caption\":\"Data breaches in Spain: AEPD 2026 report and anonymization\"},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/#website\",\"url\":\"https:\/\/www.arcadsoftware.com\/dot\/\",\"name\":\"DOT - Data Oriented Testing\",\"description\":\"Confidential Data Testing Automation\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/www.arcadsoftware.com\/dot\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1\",\"name\":\"arcad74\",\"sameAs\":[\"https:\/\/www.arcadsoftware.com\/products\/dot-anonymizer-a-multi-platform-data-masking-tool\"]}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"Data Breaches in Spain: 2026 AEPD Report","description":"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/","og_locale":"en_US","og_type":"article","og_title":"Data Breaches in Spain: 2026 AEPD Report","og_description":"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.","og_url":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/","og_site_name":"DOT - Data Oriented Testing","article_published_time":"2026-05-27T13:14:52+00:00","article_modified_time":"2026-05-29T07:50:54+00:00","og_image":[{"width":600,"height":224,"url":"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png","type":"image\/png"}],"author":"arcad74","twitter_card":"summary_large_image","twitter_misc":{"Written by":"arcad74","Est. reading time":"6 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#article","isPartOf":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/"},"author":{"name":"arcad74","@id":"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1"},"headline":"Data breaches in Spain: what the 2026 AEPD report reveals","datePublished":"2026-05-27T13:14:52+00:00","dateModified":"2026-05-29T07:50:54+00:00","mainEntityOfPage":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/"},"wordCount":5393,"image":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png","articleSection":["Blog"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/","url":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/","name":"Data Breaches in Spain: 2026 AEPD Report","isPartOf":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/#website"},"primaryImageOfPage":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage"},"image":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage"},"thumbnailUrl":"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png","datePublished":"2026-05-27T13:14:52+00:00","dateModified":"2026-05-29T07:50:54+00:00","author":{"@id":"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1"},"description":"Data breaches in Spain: 357 million people notified since 2024. Insights from the 2026 AEPD report and anonymization solutions.","inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/www.arcadsoftware.com\/dot\/resources\/blog-en\/data-breaches-in-spain-what-the-2026-aepd-report-reveals\/#primaryimage","url":"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png","contentUrl":"https:\/\/www.arcadsoftware.com\/dot\/wp-content\/uploads\/2026\/05\/data-breaches-spain-AEPD-2026-report-anonymization.png","width":600,"height":224,"caption":"Data breaches in Spain: AEPD 2026 report and anonymization"},{"@type":"WebSite","@id":"https:\/\/www.arcadsoftware.com\/dot\/#website","url":"https:\/\/www.arcadsoftware.com\/dot\/","name":"DOT - Data Oriented Testing","description":"Confidential Data Testing Automation","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/www.arcadsoftware.com\/dot\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/www.arcadsoftware.com\/dot\/#\/schema\/person\/2d1a551904ef26be16959d8f1aefa1f1","name":"arcad74","sameAs":["https:\/\/www.arcadsoftware.com\/products\/dot-anonymizer-a-multi-platform-data-masking-tool"]}]}},"_links":{"self":[{"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/posts\/14101","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/comments?post=14101"}],"version-history":[{"count":4,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/posts\/14101\/revisions"}],"predecessor-version":[{"id":14142,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/posts\/14101\/revisions\/14142"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/media\/14088"}],"wp:attachment":[{"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/media?parent=14101"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/categories?post=14101"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.arcadsoftware.com\/dot\/wp-json\/wp\/v2\/tags?post=14101"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}