This post is also available in: esEspañol

Why is the new Spanish Data Protection Act necessary and how does it relate to the General Data Protection Regulation (“GDPR?)”

The GDPR has been directly applicable in all Member States since May 25, 2018, therefore unifying the legal framework for data protection in the EU. However, the GDPR refers to national legislation several times to clarify certain aspects, which are left to the discretion of the Member States.

Although the GDPR does not have to be transposed, as it is a regulation, it is necessary to (i) bring national legislation into line with the new legal framework, and (ii) develop and specify the elements of the GDPR that are left to the discretion of national lawmakers.

The Spanish Act on Data Protection and Guarantee of Digital Rights expressly repeals the former Spanish Data Protection Act of 1999 and Royal Decree Law 5/2018, of July 27, on urgent measures for adapting Spanish law to EU legislation on data protection.

The main new developments of the Spanish Act on Data Protection and Guarantee of Digital Rights Act are as follows:

  • It regulates the system of information by layers to meet information obligations.
  • It assumes the legality of certain data processing.
  • It specifies a series of cases in which a data protection officer (“DPO”) must be appointed.
  • It establishes the statute-of-limitations period for offenses and sanctions.
  • It includes criteria for establishing the amount of the sanctions.
  • It regulates citizens’ digital rights, including a series of rights in the workplace.
  • In upcoming blog entries we will briefly address these and other key points of the act.

This post is also available in: esEspañol

Autores:

Graduada

51 artículos



esther.ballesteros@cuatrecasas.com

Asociado

30 artículos

Jorge Monclús

jorge.monclus@cuatrecasas.com

Leave a Reply

Your email address will not be published. Required fields are marked *