Today we are going to give you the main keys to make adapting to the dreaded LOPD in Spain less difficult. From Letslaw , lawyers specializing in data guam business email list protection and new technologies, they explain the main keys introduced by the RGDP , which must be taken into account by all companies that process personal data , which must be adapted to this new regulation at the time of its application.
Regulation (EU) 2016/679 of the European Parliament and of the Council of 27 April 2016 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (GDPR) came into force in May 2016 and will become mandatory in May 2018.
Post Content
Key points of the new General Data Protection Regulation:
Extension of the scope of application
Changes in the duty to inform by companies
Changes in obtaining consent for the processing of personal data
New figure of the Data Protection Officer (DPO)
Obligation to notify security breaches
Data protection impact assessments
New rights for data subjects
Restriction of data transfers outside the EU
Processing of data of minors
Higher fines
Key points of the new General Data Protection Regulation:
Extension of the scope of application
The GDPR will be binding on all EU companies that process the data of European citizens. It will also apply to companies established outside the European Union that process the data of European citizens in relation to the provision of products or services to them, or to the analysis of their behaviour within the EU.
Changes in the duty to inform by companies
The GDPR expands the content of the information that companies must provide to interested parties . In this regard, the legal basis for data processing must be explained, the contact details of the Data Protection Officer must be provided (if the company has appointed one), the period of data retention must be indicated, and information must be provided on the right of interested parties to direct their complaints to the data protection authorities if they consider that their data is being processed disproportionately.
Changes in obtaining consent for the processing of personal data
The GDPR establishes that the consent of interested parties to the processing of their personal data must be free, informed, specific and unequivocal .
Consent will be deemed unequivocal when the data subject takes affirmative action to consent to the processing of his or her personal data (for example, by clicking on a box that is not checked by default).
Consent, in addition to being unequivocal, must be explicit in the case of processing sensitive data, automated decision-making and international transfers .
For all these reasons, any consents given by omission or tacit will be contrary to this new regulation.
New figure of the Data Protection Officer (DPO)
The new figure of the Data Protection Officer (DPO) will be mandatory for those companies that carry out processing that requires regular and systematic observation of interested parties on a large scale or when large-scale processing of sensitive data is carried out.
