THE NEW LOPDGDD
With its publication in the Official State Gazette (BOE), this new data protection law repeals the previous Organic Law on Data Protection (LOPD) of 1999 and ties in with the European data protection regulation.
The new law's name is a bit longer: Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD).
After two years of intense work, not without controversy, Spain now has a law that also regulates, in its Title X, seventeen new digital rights.
The new Organic Law is structured in 97 articles, 22 additional provisions, a single repeal provision, 6 transitory provisions and 16 final provisions, and aims to offer adequate legal certainty for those concepts that were not clear after the General Data Protection Regulation (RGPD) entered into force on May 25 throughout Europe.
This new law abolishes the previous LOPD of 1999 and the RDL of urgent measures that the Ministry of Justice validated in Parliament to avoid a legislative vacuum until this new LOPDGDD was approved.
Next, we set out clearly, with diagrams, the highlights that the new LOPDGDD brings:
This service is provided in collaboration with AUDITDATA's professional experts in regulatory compliance.
GENERAL DATA PROTECTION REGULATION
Community Regulation No. 2016/679 of April 27, 2016 (RGPD) is the most relevant piece of privacy legislation adopted in recent years. However, entities have a period of two years from the publication of the Regulation to adapt to this new rule. Specifically, it will be applicable as of May 25, 2018.
The company AUDITDATA PROTECCION DE DATOS, S.L. has extensive experience and knowledge of all the legal solutions that a company may need regarding the processing of personal data.
We are prepared to advise companies in their adaptation to the new regulatory framework derived from the European Data Protection Regulation.
We are pleased to set out below the scope of the services we propose, should you choose to adapt your company and its computer system to the RGPD, LOPDGDD and LSSI with us.
To guarantee full adaptation to the data protection regulations, your business association must carry out this procedure in full, following the guidelines indicated by our managers:
- EVALUATION OF THE STARTING SITUATION
The first step for the implementation of the RGPD is the analysis of the current data processing procedures. For this we will request the last audit (if any), as well as the Security Document.
- ANALYSIS OF PROCESSING ACTIVITIES
Our managers will evaluate the security of the data, the processes the company carries out with that data and the risks that may arise from them, as well as your organization's regulatory compliance in this area.
- RESULT OF ANALYSIS AND ESTABLISHMENT OF A ROADMAP FOR IMPLEMENTATION
Once the risks and the mandatory corrections have been identified, a roadmap will be drawn up to focus the implementation on incorporating the mandatory procedures established by the Regulation, so as to comply with the standard and offer total security in data processing. In short, it will be guaranteed that the entity's resources are sufficient to achieve this plan.
Depending on the company, the implementation process will consist of:
- Documenting and identifying data processing activities
- Carrying out Impact Assessments if necessary
- Development of procedures in response to possible data breaches
- Design of information procedures and attention to data holders
- Drafting of the necessary documentation, such as new clauses for data processor contracts
- Adaptation of IT processes to the new regulatory paradigm
- Preparation of a detailed data protection policy, as well as a definition of a compliance standard
- Appointment of a Data Protection Officer if required by law, as well as the establishment of their functions
- TESTING THE EFFECTIVENESS OF THE PROCEDURES
Annual audits, covering various requirements, will be carried out to check whether the procedures are correctly implemented and to test them, with a focus on their full adaptation to the General Data Protection Regulation.
Continuous improvement of procedures:
- Execution of periodic reviews
- Development of new processes for new treatments
- Periodic reviews of the training needs of the entity's staff
- Evaluation of new technological proposals to improve security