On 25th May 2018, the Spanish General Regulation for Data Protection (“RGPD”) is expected to be applied, with the following novelties regarding the Data Protection Law (“LOPD”) currently in force to be stressed:
I. So far, the regulations had only been applied to those persons responsible for or in charge of data processing with domicile in the European Community. The new territorial scope, however, also includes non-resident responsible persons whose data processing activities are related to the supply of goods and services to EC- citizens or to the control of these within the Community.
II.The data subjects’ rights are extended to the so-called right “to be forgotten” and the right of portability, meaning that the citizens’ personal data must not be disseminated through the Internet when the permission no longer exists, the data have been illicitly obtained or the purpose they were collected for has been accomplished, and that the data must be recoverable in a way that they can easily be transferred to another responsible.
III. What the consent for the treatment of personal data refers to, a tacit approval as laid down under the original Data Protection Law (LOPD) shall no longer be considered valid; the new regulations rather require a free, explicit and informed consent.
IV. Proactivity based on technical and organizational protection measures adopted by companies that process personal data.