Data Protection

With the European Data Protection Regulation (GDPR), there are many aspectswhich must be taken into account to comply with data protection laws and cookies in Europe.

If your company operates in Spain or any other European country, you must comply with both EU and national regulations guaranteeing the protection of personal data of residents in Europe. It is a legal obligation, and failure to comply can result in a fine of up to €20,000,000 or 4% of the company’s overall annual turnover.

This means if you have a website or a database with the names, surnames, e-mail addresses and/or telephone numbers of your customers and suppliers, you must implement a series of measures complying with the general data protection regulations.

For instance, you will need to have a processing register, which replaces old record files. You also must detail the security measures for each register. You must also receive the explicit consent of the users, who acquire new rights:

• The right of access –the purposes of the processing, what personal data are processed, what possibilities of data communications and recipients of the data, how much time is envisaged for such data to be kept, how to rectify/delete/limit/oppose against the processing of the data.
• The right to rectification–when data are inaccurate, have been obtained unlawfully, but do not wish to be deleted.
• The right of suppression–also known as the “right to be forgotten”.
• The right to restrict processing –using only part of the data.
• The right to data portability–right to have your data transmitted from one controller to another directly when technically possible.
• The right to object –to prevent the data from being used for a certain purpose.

Also, each company or self-employed professional must have a person specifically in charge who possesses the necessary knowledge to ensure the proper processing of personal data, namely the Data Protection Officer (DPD).