{"id":38509,"date":"2025-10-24T12:35:17","date_gmt":"2025-10-24T10:35:17","guid":{"rendered":"https:\/\/mailcommsgroup.com\/?p=38509"},"modified":"2026-06-24T11:26:38","modified_gmt":"2026-06-24T09:26:38","slug":"gdpr-and-accountability","status":"publish","type":"post","link":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/","title":{"rendered":"GDPR and Accountability: What Is Proactive Accountability and How to Comply with It in Regulated Sectors"},"content":{"rendered":"<div class=\"wpb-content-wrapper\"><p>[vc_row type=&#8221;grid&#8221; css=&#8221;.vc_custom_1547557263471{margin-bottom: 0px !important;padding-bottom: 0px !important;}&#8221;][vc_column dp_animation=&#8221;&#8221; el_class=&#8221;El nuevo reglamento europeo obliga a recabar el consentimiento expl\u00edcito para el tratamiento de los datos de car\u00e1cter personal&#8221; font_color=&#8221;#81d742&#8243;][vc_single_image image=&#8221;38520&#8243; img_size=&#8221;full&#8221; css=&#8221;&#8221;][\/vc_column][\/vc_row][vc_row type=&#8221;grid&#8221; css=&#8221;.vc_custom_1679050935288{margin-top: 0px !important;padding-top: 0px !important;}&#8221;][vc_column dp_animation=&#8221;&#8221; css=&#8221;.vc_custom_1547557427896{padding-top: 0px !important;}&#8221;][vc_empty_space height=&#8221;80px&#8221; css=&#8221;.vc_custom_1742553516084{margin-top: -70px !important;}&#8221;][vc_column_text css=&#8221;.vc_custom_1782293070199{padding-top: 50px !important;padding-right: 50px !important;padding-bottom: 50px !important;padding-left: 50px !important;background-color: #F2F2F2 !important;}&#8221; dp_animation=&#8221;&#8221;]<span style=\"font-size: 20px;\"><strong>Table of Contents  <\/strong><\/span><\/p>\n<ol>\n<li><a href=\"#uno\">Introduction<\/a><\/li>\n<li><a href=\"#dos\">The importance of the principle of accountability<\/a><\/li>\n<li><a href=\"#tres\">Selection of effective tools for data management<\/a><\/li>\n<li><a href=\"#cuatro\">How does a qualified trusted service provider help you?<\/a><\/li>\n<li><a href=\"#cinco\">Frequently Asked Questions<\/a><\/li>\n<\/ol>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;110px&#8221; css=&#8221;.vc_custom_1760528757755{margin-top: -100px !important;}&#8221; el_id=&#8221;uno&#8221;][vc_column_text css=&#8221;.vc_custom_1760528312404{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}&#8221; dp_animation=&#8221;&#8221;]<\/p>\n<h2 style=\"margin-top: 0;\"><span style=\"color: #000000;\"><strong>Introduction<\/strong><\/span><\/h2>\n<p>[\/vc_column_text][vc_column_text css=&#8221;&#8221; dp_animation=&#8221;&#8221;]<span style=\"font-weight: 400;\">The principle of accountability, also known as proactive responsibility, is the obligation established by the General Data Protection Regulation (GDPR) under which <strong>the data controller must not only comply with data protection regulations but also be able to demonstrate such compliance through verifiable documentation, technical measures, and organizational measures<\/strong>.<\/span><\/p>\n<p>In many cases, the origin of the sanctions lies in formal non-compliance with current data protection regulations, for example, in the lack of legitimacy for data processing. There are other occasions in which the origin lies in errors in data management, which seriously compromise the rights of users from the point of view of privacy. For example, when providing information to third parties without authorization.  <\/p>\n<p>Today, in our new content of the <strong>series<\/strong> dedicated to the <strong>GDPR<\/strong>, we are going to talk about the principle of <em>accountability<\/em>.<\/p>\n<p data-path-to-node=\"2,0,0\"><b data-path-to-node=\"2,0,0\" data-index-in-node=\"0\">Protect your organization&#8217;s reputational and financial assets<\/b> by implementing automated protocols that mitigate any legal risks or penalties related to data management, thanks to our <a class=\"ng-star-inserted\" href=\"https:\/\/mailcommsgroup.com\/en\/regulatory-compliance-solutions\/\" target=\"_blank\" rel=\"noopener\">regulatory compliance solutions<\/a>.<\/p>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;120px&#8221; css=&#8221;.vc_custom_1760528760963{margin-top: -100px !important;}&#8221; el_id=&#8221;dos&#8221;][vc_column_text css=&#8221;.vc_custom_1760528368804{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}&#8221; dp_animation=&#8221;&#8221;]<\/p>\n<h2 style=\"margin-top: 0;\"><span style=\"color: #000000;\"><strong>The importance of the principle of accountability<\/strong><\/span><\/h2>\n<p>[\/vc_column_text][vc_column_text css=&#8221;&#8221; dp_animation=&#8221;&#8221;]It is true that nowadays, with the development of <strong>cybercrime<\/strong> and its technological specialization, it is difficult to prevent a security breach from turning into a leak or theft of customer data. For this reason, the General Data Protection Regulation (GDPR) obliges the data controller to use <strong>all possible means to minimize its impact on the organization<\/strong>. So much so that when a breach occurs, it is mandatory to notify the supervisory authorities within a maximum period of 72 hours. This is part of the principle of <em>accountability,<\/em> also called proactive responsibility.   <\/p>\n<p><strong><em>Accountability<\/em><\/strong> is understood as <strong>the ability of the responsible party to comply (and demonstrate that it does so) with data protection regulations.<\/strong> Some of the companies recently sanctioned by the AEPD, according to the agency&#8217;s own pronouncement, did not respect this principle. For example, one of the fines imposed on a company was due to the failure to update the data of a client, which resulted in its inclusion in a file of non-payments. In other cases of sanctioned companies, the reason was the lack of a database that would allow their data to be processed with guarantees. Or, again, their inability to prove that the client or user of the service gave his consent. In these cases, the result was a breach of Article 7.1 of the GDPR:    <\/p>\n<p><em>1. Where the processing is based on the data subject&#8217;s consent, the controller shall be able to demonstrate that the data subject consented to the processing of his or her personal data.<\/em><\/p>\n<p>In any of the cases mentioned above, a lack of compliance with the principle of proactive responsibility of the responsible party is detected, thus showing that data management does not comply with the requirements of the regulation.<\/p>\n<table style=\"width: 100%; border-collapse: collapse; border-spacing: 0; font-family: Arial, Helvetica, sans-serif; font-size: 16px; color: #2c2c2c; margin-top: 20px; margin-bottom: 20px;\">\n<thead>\n<tr style=\"background-color: #47d7ac !important;\">\n<th style=\"color: #ffffff !important; font-weight: bold; padding: 12px 14px; text-align: left; border: none; width: 30%;\">Accountability Requirement<\/th>\n<th style=\"color: #ffffff !important; font-weight: bold; padding: 12px 14px; text-align: left; border: none; width: 50%;\">Practical Description<\/th>\n<th style=\"color: #ffffff !important; font-weight: bold; padding: 12px 14px; text-align: left; border: none; width: 20%;\">Legal Basis: GDPR<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Record of Processing Activities<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Document all data processing activities carried out by the organization<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 30<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Impact Assessment (EIPD)<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Conduct a preliminary risk analysis for high-risk processing operations<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 35<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Privacy by Design and Default<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Incorporating data protection into the design of processes and systems<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 25<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Contracts with Data Processors<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Document relationships with vendors that process data on behalf of the data controller<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 28<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Notification of Security Breaches<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Report any breach affecting individuals\u2019 rights to the AEPD within 72 hours<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 33<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Proof of Consent<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Demonstrate that the data subject provided valid and informed consent<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 7.1<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Appointment of a DPO (where applicable)<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Appoint a Data Protection Officer in organizations subject to this requirement<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Art. 37<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38523 aligncenter pd-t-10\" title=\"data-protection\" src=\"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/proteccion-de-datos.webp\" alt=\"Data protection\" width=\"892\" height=\"418\" srcset=\"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/proteccion-de-datos.webp 892w, https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/proteccion-de-datos-300x141.webp 300w, https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/proteccion-de-datos-768x360.webp 768w\" sizes=\"auto, (max-width: 892px) 100vw, 892px\" \/>[\/vc_column_text][vc_empty_space height=&#8221;120px&#8221; css=&#8221;.vc_custom_1760528764291{margin-top: -100px !important;}&#8221; el_id=&#8221;tres&#8221;][vc_column_text css=&#8221;.vc_custom_1760528573371{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}&#8221; dp_animation=&#8221;&#8221;]<\/p>\n<h2 style=\"margin-top: 0;\"><span style=\"color: #000000;\"><strong>Selection of effective tools for data management<\/strong><\/span><\/h2>\n<p>[\/vc_column_text][vc_column_text css=&#8221;&#8221; dp_animation=&#8221;&#8221;]It is fair to say that <strong>data management is not simple<\/strong> because of its volume and complexity. In many cases it will also depend on other factors such as, for example, the necessary investment (economic and human) to manage them in accordance with the law. <\/p>\n<p>However, today there are <strong>agile tools<\/strong> <strong>that make it possible to centralize and safeguard<\/strong> users&#8217; consents throughout the life cycle of their contractual relationship, including the possibility for the interested party to withdraw their authorization at any time, and with guarantees.<\/p>\n<p>In addition, these tools comply with the principles of <em><strong>privacy by design and default<\/strong>,<\/em> which incorporate the highest security measures and privacy standards for customer data. They also help to prove, if necessary, that the data controller has obtained it legitimately. <\/p>\n<p><span style=\"font-weight: 400;\">In practice, a consent management platform (CMP) integrated with communication channels\u2014email, SMS, WhatsApp\u2014allows organizations to centralize consent records, manage their validity, track withdrawals, and generate auditable evidence in real time. When that platform is operated by a Qualified Trust Service Provider (QTSP) under eIDAS, the evidence generated is presumed to be legally valid throughout the EU, which significantly strengthens the data controller\u2019s position before the AEPD. <\/span><\/p>\n<p data-path-to-node=\"2,0,0\"><b data-path-to-node=\"2,0,0\" data-index-in-node=\"0\">Avoid costly penalties and data audits in your campaigns and communications<\/b> by ensuring that permission collection is 100% auditable and transparent in accordance with <a class=\"ng-star-inserted\" href=\"https:\/\/mailcommsgroup.com\/en\/regulatory-compliance-solutions\/rgpd-consent-management\/\" target=\"_blank\" rel=\"noopener\">GDPR standards and consent management practices<\/a>.<\/p>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;120px&#8221; css=&#8221;.vc_custom_1760528766851{margin-top: -100px !important;}&#8221; el_id=&#8221;cuatro&#8221;][vc_column_text css=&#8221;.vc_custom_1760528621643{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}&#8221; dp_animation=&#8221;&#8221;]<\/p>\n<h2 style=\"margin-top: 0;\"><span style=\"color: #000000;\"><strong>How does a qualified trusted service provider help you?<\/strong><\/span><\/h2>\n<p>[\/vc_column_text][vc_column_text css=&#8221;&#8221; dp_animation=&#8221;&#8221;]Many of the errors committed in the processing of data are due to a failure to obtain the consent of the data subjects or their inability to adequately safeguard it and be able to demonstrate it accordingly.<\/p>\n<p>In this sense, <strong>a qualified trusted service provider<\/strong>, such as MailComms Group, <strong>certifies that the communication of consent has occurred correctly and can provide all the traceability of sending and receiving your consent through any channel:<\/strong> email, SMS, WhatsApp, etc. In this way, the data controller will have the opportunity to prove that the consent has been obtained correctly. This way, it will be able to provide it as evidence in the event of a claim by the customer or even in the allegations procedure in the event of a claim by the AEPD (Spanish Data Protection Agency).  <\/p>\n<p>MailComms Group also makes it easier for <em>accountability<\/em> officers to comply with regulations by being a certified provider of <strong>ISO 27001<\/strong> (Information Security Management System) and <strong>ISO 27701<\/strong> (Privacy Information Management System).<\/p>\n<p>This latest standard is an extension of ISO 27001 and 27002, which address specific requirements that will ensure that organizations have comprehensive and universally applicable data governance that is directly aligned with the legislative requirements of their jurisdictions. Hence the importance of selecting both solutions and vendors that ensure 360\u00ba security around these ISOs and their prominent concepts: information security and privacy. <\/p>\n<p data-path-to-node=\"2,0,0\"><b data-path-to-node=\"2,0,0\" data-index-in-node=\"0\">Improve navigation on your websites and optimize the user experience for all your users<\/b>, regardless of their abilities, by staying ahead of the inclusive design requirements set forth <a class=\"ng-star-inserted\" href=\"https:\/\/mailcommsgroup.com\/en\/blog\/new-european-accessibility-law\/\" target=\"_blank\" rel=\"noopener\">in the new European Accessibility Act<\/a>.<\/p>\n<table style=\"width: 100%; border-collapse: collapse; border-spacing: 0; font-family: Arial, Helvetica, sans-serif; font-size: 16px; color: #2c2c2c; margin-top: 20px; margin-bottom: 20px;\">\n<thead>\n<tr style=\"background-color: #47d7ac !important;\">\n<th style=\"color: #ffffff !important; font-weight: bold; padding: 12px 14px; text-align: left; border: none; width: 40%;\">The Need for Accountability<\/th>\n<th style=\"color: #ffffff !important; font-weight: bold; padding: 12px 14px; text-align: left; border: none; width: 60%;\">How does a PSCC like MailComms address this?<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Demonstrate that consent was obtained properly<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Certification of the sending, receipt, and content of the consent with full traceability by channel (email, SMS, WhatsApp)<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Verify the validity of consent with the AEPD<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">The PSCC generates electronic evidence with probative value under eIDAS, with a legal presumption of authenticity<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Management of Consent Withdrawals<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Certified record of the withdrawal, including the date, channel, and exact content of the communication<\/td>\n<\/tr>\n<tr style=\"background-color: #f9f9f9; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Compliance with data breach notification within 72 hours<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Traceability of access and communications to facilitate the identification and scope of the breach<\/td>\n<\/tr>\n<tr style=\"background-color: #ffffff; border-bottom: 1px solid #e5e5e5;\">\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">Demonstrating Information Security (ISO 27001)<\/td>\n<td style=\"padding: 12px 14px; vertical-align: top; line-height: 1.4; text-align: left;\">MailComms Group is certified to ISO 27001 (security) and ISO 27701 (privacy), demonstrating compliance with the required management standards<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"size-full wp-image-38526 aligncenter pd-t-10\" title=\"lender-of-reliance\" src=\"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/prestador-de-confianza.webp\" alt=\"Trusted provider\" width=\"892\" height=\"418\" srcset=\"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/prestador-de-confianza.webp 892w, https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/prestador-de-confianza-300x141.webp 300w, https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/prestador-de-confianza-768x360.webp 768w\" sizes=\"auto, (max-width: 892px) 100vw, 892px\" \/><\/p>\n<p><span style=\"font-weight: 400;\">If your organization operates in sectors such as banking, insurance, utilities, or telecommunications, demonstrating accountability is not a one-time task but an ongoing process that must be supported by certified evidence. At MailComms Group, as an ISO 27001- and ISO 27701-certified Qualified Trust Service Provider (QTSP), we help you manage the entire consent cycle \u2014 collection, storage, withdrawal, and demonstration \u2014 with full legal validity under eIDAS and auditability by the AEPD at any time. <\/span><\/p>\n<p><strong>View <a href=\"https:\/\/mailcommsgroup.com\/en\/regulatory-compliance-solutions\/rgpd-consent-management\/\">the GDPR consent management solution<\/a><\/strong><\/p>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;120px&#8221; css=&#8221;.vc_custom_1782292865518{margin-top: -100px !important;}&#8221; el_id=&#8221;cinco&#8221;][vc_column_text css=&#8221;.vc_custom_1782292875119{padding-top: 15px !important;padding-right: 15px !important;padding-bottom: 15px !important;padding-left: 15px !important;background-color: #47d7ac !important;}&#8221; dp_animation=&#8221;&#8221;]<\/p>\n<h2 style=\"margin-top: 0;\"><span style=\"color: #000000;\"><strong>Frequently Asked Questions<\/strong><\/span><\/h2>\n<p>[\/vc_column_text][vc_empty_space height=&#8221;10px&#8221;][vc_toggle title=&#8221;What is the principle of accountability under the GDPR?&#8221; style=&#8221;arrow&#8221; color=&#8221;black&#8221; custom_font_container=&#8221;tag:h3|font_size:20px|text_align:left&#8221; custom_google_fonts=&#8221;font_family:Dosis%3A200%2C300%2Cregular%2C500%2C600%2C700%2C800|font_style:700%20bold%20regular%3A700%3Anormal&#8221; css=&#8221;&#8221; use_custom_heading=&#8221;true&#8221; custom_el_class=&#8221;mg-b-0 fondo-gris-preguntas-frecuentes&#8221;]<\/p>\n<p style=\"font-size: 16px;\">The principle of accountability, or proactive responsibility, is the obligation established in Article 5.2 of the GDPR, under which the data controller must not only comply with data protection principles but also be able to demonstrate such compliance through documentation and verifiable measures. It implies an active approach: it is not enough simply to avoid non-compliance; one must be able to prove compliance. <\/p>\n<p>[\/vc_toggle][vc_toggle title=&#8221;What specific obligations does accountability entail for a company?&#8221; style=&#8221;arrow&#8221; color=&#8221;black&#8221; custom_font_container=&#8221;tag:h3|font_size:20px|text_align:left&#8221; custom_google_fonts=&#8221;font_family:Dosis%3A200%2C300%2Cregular%2C500%2C600%2C700%2C800|font_style:700%20bold%20regular%3A700%3Anormal&#8221; css=&#8221;&#8221; use_custom_heading=&#8221;true&#8221; custom_el_class=&#8221;mg-b-0 fondo-gris-preguntas-frecuentes&#8221;]<\/p>\n<p style=\"font-size: 16px;\">Among the main obligations are: maintaining a record of processing activities (Art. 30), conducting impact assessments for high-risk processing operations (Art. 35), implementing privacy by design and by default (Art. 25), documenting contracts with data processors (Art. 28), notifying the AEPD of data breaches within 72 hours (Art. 33), and being able to demonstrate at any time that the data subject\u2019s consent was validly obtained (Art. 7.1).<\/p>\n<p>[\/vc_toggle][vc_toggle title=&#8221;What penalties can the AEPD impose for failure to comply with accountability requirements?&#8221; style=&#8221;arrow&#8221; color=&#8221;black&#8221; custom_font_container=&#8221;tag:h3|font_size:20px|text_align:left&#8221; custom_google_fonts=&#8221;font_family:Dosis%3A200%2C300%2Cregular%2C500%2C600%2C700%2C800|font_style:700%20bold%20regular%3A700%3Anormal&#8221; css=&#8221;&#8221; use_custom_heading=&#8221;true&#8221; custom_el_class=&#8221;mg-b-0 fondo-gris-preguntas-frecuentes&#8221;]<\/p>\n<p style=\"font-size: 16px;\">Fines can reach up to 10 million euros or 2% of global annual revenue for serious violations, and up to 20 million euros or 4% for very serious violations. The AEPD has recently imposed fines on companies in the banking, insurance, telecommunications, and utilities sectors for violations related to the lack of a legal basis for data processing, improper inclusion in delinquent debtor files, and failure to demonstrate consent. <\/p>\n<p>[\/vc_toggle][vc_toggle title=&#8221;How can a company demonstrate that it obtained consent properly?&#8221; style=&#8221;arrow&#8221; color=&#8221;black&#8221; custom_font_container=&#8221;tag:h3|font_size:20px|text_align:left&#8221; custom_google_fonts=&#8221;font_family:Dosis%3A200%2C300%2Cregular%2C500%2C600%2C700%2C800|font_style:700%20bold%20regular%3A700%3Anormal&#8221; css=&#8221;&#8221; use_custom_heading=&#8221;true&#8221; custom_el_class=&#8221;mg-b-0 fondo-gris-preguntas-frecuentes&#8221;]<\/p>\n<p style=\"font-size: 16px;\">Through certified electronic evidence attesting to the sending, receipt, and content of the consent notice, including a timestamp and traceability of the channel used. When this evidence is generated by a Qualified Trust Service Provider (QTSP) under eIDAS, it is presumed to be legally valid throughout the EU, which places the data controller in a position of evidentiary advantage in the event of any claim or proceeding by the AEPD. <\/p>\n<p>[\/vc_toggle][vc_toggle title=&#8221;What is the difference between ISO 27001 and ISO 27701 in the context of the GDPR?&#8221; style=&#8221;arrow&#8221; color=&#8221;black&#8221; custom_font_container=&#8221;tag:h3|font_size:20px|text_align:left&#8221; custom_google_fonts=&#8221;font_family:Dosis%3A200%2C300%2Cregular%2C500%2C600%2C700%2C800|font_style:700%20bold%20regular%3A700%3Anormal&#8221; css=&#8221;&#8221; use_custom_heading=&#8221;true&#8221; custom_el_class=&#8221;mg-b-0 fondo-gris-preguntas-frecuentes&#8221;]<\/p>\n<p style=\"font-size: 16px;\">ISO 27001 certifies an organization\u2019s Information Security Management System (ISMS), attesting that it has technical and organizational controls in place to protect information. ISO 27701 is a specific extension of ISO 27001 focused on privacy: it extends the ISMS to include personal data governance and GDPR requirements, making it easier to demonstrate compliance with the principle of accountability. <\/p>\n<p>[\/vc_toggle][\/vc_column][\/vc_row]<\/p>\n<\/div>","protected":false},"excerpt":{"rendered":"<p>In this article we explain the principle of accountability, key to avoid mistakes in the management of personal data. Enjoy a new entry in our series of contents on the GDPR. <\/p>\n","protected":false},"author":1,"featured_media":38520,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_acf_changed":false,"footnotes":""},"categories":[480],"class_list":["post-38509","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-communication-solutions-with-legal-value"],"acf":[],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.8 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>GDPR and Accountability \u25b7 Penalties Imposed by the AEPD<\/title>\n<meta name=\"description\" content=\"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"GDPR and Accountability \u25b7 Penalties Imposed by the AEPD\" \/>\n<meta property=\"og:description\" content=\"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent\" \/>\n<meta property=\"og:url\" content=\"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/\" \/>\n<meta property=\"og:site_name\" content=\"Mailcomms Group\" \/>\n<meta property=\"article:published_time\" content=\"2025-10-24T10:35:17+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2026-06-24T09:26:38+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp\" \/>\n\t<meta property=\"og:image:width\" content=\"892\" \/>\n\t<meta property=\"og:image:height\" content=\"623\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/webp\" \/>\n<meta name=\"author\" content=\"Mailcomms Group\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@CommsCustomer\" \/>\n<meta name=\"twitter:site\" content=\"@CommsCustomer\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Mailcomms Group\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"11 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\\\/\\\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#article\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/\"},\"author\":{\"name\":\"Mailcomms Group\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#\\\/schema\\\/person\\\/c3a3ecfc795ade78319e6b1af9d65684\"},\"headline\":\"GDPR and Accountability: What Is Proactive Accountability and How to Comply with It in Regulated Sectors\",\"datePublished\":\"2025-10-24T10:35:17+00:00\",\"dateModified\":\"2026-06-24T09:26:38+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/\"},\"wordCount\":2314,\"publisher\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#organization\"},\"image\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/accountability-proteccion-de-datos.webp\",\"articleSection\":[\"Communication solutions with legal value\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/\",\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/\",\"name\":\"GDPR and Accountability \u25b7 Penalties Imposed by the AEPD\",\"isPartOf\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#primaryimage\"},\"image\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#primaryimage\"},\"thumbnailUrl\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/accountability-proteccion-de-datos.webp\",\"datePublished\":\"2025-10-24T10:35:17+00:00\",\"dateModified\":\"2026-06-24T09:26:38+00:00\",\"description\":\"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent\",\"breadcrumb\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#primaryimage\",\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/accountability-proteccion-de-datos.webp\",\"contentUrl\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2025\\\/10\\\/accountability-proteccion-de-datos.webp\",\"width\":892,\"height\":623,\"caption\":\"accountability (protecci\u00f3n de datos)\"},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/gdpr-and-accountability\\\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Mailcomms Group\",\"item\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"Blog\",\"item\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/\"},{\"@type\":\"ListItem\",\"position\":3,\"name\":\"GDPR and Accountability: What Is Proactive Accountability and How to Comply with It in Regulated Sectors\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#website\",\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/\",\"name\":\"MailComms Group\",\"description\":\"La transformaci\u00f3n digital a trav\u00e9s de la comunicaci\u00f3n omnicanal, con plena validez legal.\",\"publisher\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#organization\"},\"alternateName\":\"MailComms Group\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#organization\",\"name\":\"MailComms Group - Soluciones de comunicaci\u00f3n omnicanal con validez legal.\",\"alternateName\":\"MailComms Group\",\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\",\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/icon_mini_mailcommsgroup.png\",\"contentUrl\":\"https:\\\/\\\/mailcommsgroup.com\\\/wp-content\\\/uploads\\\/2023\\\/05\\\/icon_mini_mailcommsgroup.png\",\"width\":512,\"height\":512,\"caption\":\"MailComms Group - Soluciones de comunicaci\u00f3n omnicanal con validez legal.\"},\"image\":{\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#\\\/schema\\\/logo\\\/image\\\/\"},\"sameAs\":[\"https:\\\/\\\/x.com\\\/CommsCustomer\",\"https:\\\/\\\/www.linkedin.com\\\/company\\\/customercomms\\\/\",\"https:\\\/\\\/www.youtube.com\\\/channel\\\/UCtvYLee1QHy89JS2-gMgnTQ\"]},{\"@type\":\"Person\",\"@id\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/#\\\/schema\\\/person\\\/c3a3ecfc795ade78319e6b1af9d65684\",\"name\":\"Mailcomms Group\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g\",\"url\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g\",\"contentUrl\":\"https:\\\/\\\/secure.gravatar.com\\\/avatar\\\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g\",\"caption\":\"Mailcomms Group\"},\"sameAs\":[\"https:\\\/\\\/mailcommsgroup.com\"],\"url\":\"https:\\\/\\\/mailcommsgroup.com\\\/en\\\/blog\\\/author\\\/ntrwrks_ccmms\\\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"GDPR and Accountability \u25b7 Penalties Imposed by the AEPD","description":"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/","og_locale":"en_US","og_type":"article","og_title":"GDPR and Accountability \u25b7 Penalties Imposed by the AEPD","og_description":"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent","og_url":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/","og_site_name":"Mailcomms Group","article_published_time":"2025-10-24T10:35:17+00:00","article_modified_time":"2026-06-24T09:26:38+00:00","og_image":[{"width":892,"height":623,"url":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp","type":"image\/webp"}],"author":"Mailcomms Group","twitter_card":"summary_large_image","twitter_creator":"@CommsCustomer","twitter_site":"@CommsCustomer","twitter_misc":{"Written by":"Mailcomms Group","Est. reading time":"11 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#article","isPartOf":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/"},"author":{"name":"Mailcomms Group","@id":"https:\/\/mailcommsgroup.com\/en\/#\/schema\/person\/c3a3ecfc795ade78319e6b1af9d65684"},"headline":"GDPR and Accountability: What Is Proactive Accountability and How to Comply with It in Regulated Sectors","datePublished":"2025-10-24T10:35:17+00:00","dateModified":"2026-06-24T09:26:38+00:00","mainEntityOfPage":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/"},"wordCount":2314,"publisher":{"@id":"https:\/\/mailcommsgroup.com\/en\/#organization"},"image":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#primaryimage"},"thumbnailUrl":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp","articleSection":["Communication solutions with legal value"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/","url":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/","name":"GDPR and Accountability \u25b7 Penalties Imposed by the AEPD","isPartOf":{"@id":"https:\/\/mailcommsgroup.com\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#primaryimage"},"image":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#primaryimage"},"thumbnailUrl":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp","datePublished":"2025-10-24T10:35:17+00:00","dateModified":"2026-06-24T09:26:38+00:00","description":"Learn about the key obligations, the penalties imposed by the AEPD, and how a qualified trusted service provider can help you demonstrate consent","breadcrumb":{"@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#primaryimage","url":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp","contentUrl":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2025\/10\/accountability-proteccion-de-datos.webp","width":892,"height":623,"caption":"accountability (protecci\u00f3n de datos)"},{"@type":"BreadcrumbList","@id":"https:\/\/mailcommsgroup.com\/en\/blog\/gdpr-and-accountability\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Mailcomms Group","item":"https:\/\/mailcommsgroup.com\/en\/"},{"@type":"ListItem","position":2,"name":"Blog","item":"https:\/\/mailcommsgroup.com\/en\/blog\/"},{"@type":"ListItem","position":3,"name":"GDPR and Accountability: What Is Proactive Accountability and How to Comply with It in Regulated Sectors"}]},{"@type":"WebSite","@id":"https:\/\/mailcommsgroup.com\/en\/#website","url":"https:\/\/mailcommsgroup.com\/en\/","name":"MailComms Group","description":"La transformaci\u00f3n digital a trav\u00e9s de la comunicaci\u00f3n omnicanal, con plena validez legal.","publisher":{"@id":"https:\/\/mailcommsgroup.com\/en\/#organization"},"alternateName":"MailComms Group","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/mailcommsgroup.com\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/mailcommsgroup.com\/en\/#organization","name":"MailComms Group - Soluciones de comunicaci\u00f3n omnicanal con validez legal.","alternateName":"MailComms Group","url":"https:\/\/mailcommsgroup.com\/en\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/mailcommsgroup.com\/en\/#\/schema\/logo\/image\/","url":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2023\/05\/icon_mini_mailcommsgroup.png","contentUrl":"https:\/\/mailcommsgroup.com\/wp-content\/uploads\/2023\/05\/icon_mini_mailcommsgroup.png","width":512,"height":512,"caption":"MailComms Group - Soluciones de comunicaci\u00f3n omnicanal con validez legal."},"image":{"@id":"https:\/\/mailcommsgroup.com\/en\/#\/schema\/logo\/image\/"},"sameAs":["https:\/\/x.com\/CommsCustomer","https:\/\/www.linkedin.com\/company\/customercomms\/","https:\/\/www.youtube.com\/channel\/UCtvYLee1QHy89JS2-gMgnTQ"]},{"@type":"Person","@id":"https:\/\/mailcommsgroup.com\/en\/#\/schema\/person\/c3a3ecfc795ade78319e6b1af9d65684","name":"Mailcomms Group","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/secure.gravatar.com\/avatar\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g","url":"https:\/\/secure.gravatar.com\/avatar\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/f4012bdfd3c1190166ba510602a508ab2a504cafc93cf37f0c8cbdc54e85846a?s=96&d=mm&r=g","caption":"Mailcomms Group"},"sameAs":["https:\/\/mailcommsgroup.com"],"url":"https:\/\/mailcommsgroup.com\/en\/blog\/author\/ntrwrks_ccmms\/"}]}},"_links":{"self":[{"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/posts\/38509","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/comments?post=38509"}],"version-history":[{"count":11,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/posts\/38509\/revisions"}],"predecessor-version":[{"id":45418,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/posts\/38509\/revisions\/45418"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/media\/38520"}],"wp:attachment":[{"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/media?parent=38509"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/mailcommsgroup.com\/en\/wp-json\/wp\/v2\/categories?post=38509"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}