The new General European Data Protection Regulation (RGPD) and the new Spanish Data Protection Law will involve short and medium term news for companies operating in our country. Within six months, specifically on May 25, 2018, this RGPD will enter into force and companies must update to comply with said regulation. GDPD recipients are all global organizations, both those established in member countries and those operating with the European Union.
Among the most important measures of this new General Data Protection Regulation (RGPD) highlights the obligation of companies to appoint a data protection responsible within companies.
The amount of online content forces to improve data protection
The use of digital technologies has caused the proliferation of data use: social networks, big data, cloud cooperative work, intranets, geolocation … the use of digital technology with which companies work forces greater care of data. Therefore, this GDPR forces to reinforce the cybersecurity policies in relation to the data of individuals related to the company, both internal (workers) and external (clients).
The Draft Organic Law on Data Protection in Spain
On November 10, the Council of Ministers approved the new Organic Data Protection bill. This new law aims to an increase in legal certainty. In addition, it seeks to adapt the regulations to the demands that require new digital technologies.
This law aims to adapt Spanish legislation to the GDPR that governs at European level. Thus, the Organic Data Protection Law replaces the current law.
novelties of the new Data Protection Regulation
- The figure of the data projection delegate is enhanced.
- Tacit consent for the use of personal data is excluded. That is, each person must indicate yes or not where information is requested.
- Advance at age 13 (and not 14) the consent for data processing.
- The law includes the duty of confidentiality.
- Establishes the right of heirs in the processing of the information of deceased people.
- expressly contemplate the rights of rectification, access, suppression or treatment limitation.
- The prohibition of data storage related to race, ideology, affiliation, religion, sexual orientation …
- Regulates situations of public interest.
possible sanctions? Avoid setbacks thanks to the technical advice of Verum
The administrations and legislator entities are focusing on compliance or not, by companies of legislative measures regarding data protection.
In order not to incur sanctions, contact in info@verumasesores.com with our experts in current legislative and cybersecurity.