GDPR

What is GDPR?

The General Data Protection Regulation or GDPR is a European regulation adopted in 2016 and became enforceable in May 2018. The main objective of the European Parliament and Council was to unify the laws of protection of personal data of all member states.

The necessary conditions for the treatment of personal data have been tightened, compared to the Organic Law on Data Protection (LOPD). The rights of the interested party are expanded in the European regulation.

Who must comply with the GDPR?

The GDPR is a regulation in the European Union (EU), therefore it must be applied by both European companies and companies that do business within the European Union and handle information of any kind.

How should they apply it? Among the modifications to the new regulation, the consent for the treatment of the data stands out, which must be express and verifiable, without the risk of being deduced from the silence or inaction of the interested party. This forces companies to keep and review the form in which they obtain and register consent, since the measures authorized by tacit permission in the previous regulations ceased to be in force on May 25, 2018.

We understand “Data Processing” according to article 5.1.t) of the RLOPD as “any operation or technical procedure, whether or not automated, that allows the collection, recording, conservation, preparation, modification, consultation, use, cancellation, blocking or deletion, as well as the transfers of data resulting from communications, queries, interconnections and transfers ».

The fines for non-compliance with the GDPR can reach 20 million euros.