What changes in data protection due to the application of the European Regulation
The European regulation enters into force with the aim of avoiding the misuse of citizens' basic information
It is very likely that in your personal or professional email account you have received a communication urging you to update the information in a database. The reason is that this Friday the new General Data Protection Regulation, the incorporation of European regulations, comes into force.
But the first thing to clarify is that the dreaded General Data Protection Regulation is not something new, but rather came into force no less than two years ago, on May 25, 2016, and its direct application (as in other 27 countries), which is what it is about, does not vary so much with respect to the regulations in force in Spain.
Thus, a large part of what is going to begin to be applied is not new, many rights and obligations are already included in the current Organic Law and the regulations that develop it.
To begin with, regarding the consents, which for weeks has been speculating with new requirements, the regulation does not say anything as long as there was prior consent, as is the case, for example, in the case of banks or telecommunications companies in which there is a contract behind. In other words, the request for consent was already contemplated in the current regulations, so that if it had already been requested in its day, and the way to request it is not incompatible with the Regulations, it is not necessary to request that consent again.
What does vary is the way in which personal data will be used, since the GDPR grants citizens a series of rights and establishes obligations for those who process personal data.
The novelties are the following:
The scope of application is extraterritorial. Until now, the criterion that was taken into account was whether the company or organization that processes the data was established in Spain or Europe, but since Friday the regulation does not take into account where the company is but where the affected citizen is. , and if you are a resident of the U and a company handles your data, it does not matter where that company is, the GDPR applies. But there is more, since the coverage of the regulation extends to whoever "is" in the European territory, which reinforces the universal nature of the standard.
One of the main innovations refers to the portability right of personal data between platforms, which did not exist as such. This right, according to the new regulations, implies that the interested party who has provided their data to a person in charge who is processing them automatically may request to recover that data in a format that allows it to be transferred to another person in charge, to another platform.
Nor was it included in the current legislation the right to erasure, known as the right to be forgotten, which, in addition to search engines, is extended to any person but to any person responsible for data processing”. It is a different right to cancellation.
Other novelties refer to the clear information in the privacy policies. The new regulations oblige companies to inform in a clearer and simpler way about the use and treatment that they are going to make of our data, especially when they are directed at minors. The aim is thus to put an end to the long user conditions in a very legal language as far as the treatment of information is concerned.
As for the sanctions, there are substantial changes, since the fines for violation of the data processing regulations skyrocket, going in our case from 600,000 euros to 20 million or 4% of the annual global turnover of the companies that are sanctioned, there being a scale of measures depending on the seriousness of the case.
Regarding minors, there are changes in terms of age, since the current LOPD establishes that a minor can give his consent from the age of 14. The RGPD speaks of minors from 16 years of age, but establishes that States may determine the age as long as it is not less than 13 years.
If you want more information on how the regulatory change in data protection can affect your company, you can consult our experts who will advise you accordingly.
English 
Spanish