The GDPR is a regulation in the European Union (EU), therefore it must be applied by both European companies and companies that do business within the European Union and handle information of any kind.
How should they apply it? Among the modifications to the new regulation, the consent for the treatment of the data stands out, which must be express and verifiable, without the risk of being deduced from the silence or inaction of the interested party. This forces companies to keep and review the form in which they obtain and register consent, since the measures authorized by tacit permission in the previous regulations ceased to be in force on May 25, 2018.
We understand “Data Processing” according to article 5.1.t) of the RLOPD as “any operation or technical procedure, whether or not automated, that allows the collection, recording, conservation, preparation, modification, consultation, use, cancellation, blocking or deletion, as well as the transfers of data resulting from communications, queries, interconnections and transfers ».
The fines for non-compliance with the GDPR can reach 20 million euros.