Badia)advocats advises clients on the implementation of the General Data Protection Regulation

   

On May 25, 2018, the new European Data Protection Regulation (RGPD) will enter into force. By this date, all companies and organizations must have internally adapted the aspects provided for by the RGPD.

On May 25, 2018, the new European Data Protection Regulation (RGPD) will enter into force.

The entry into force of the mentioned legal text will imply important changes in the data protection policy in force until now. Here are some examples:

• When processing personal data, the obtaining of “tacit” consent will no longer be valid, even for those personal data obtained prior to the entry into force of the RGPD. It will therefore be necessary to review the way in which all the company’s personal data has been obtained in the historical context (customers, workers, suppliers, mailing, etc.).

• The “files” registered with the Spanish Data Protection Agency will cease to exist, and the “Security Document” will also disappear. Instead, it will be necessary to have an Activity Register, have a Risk Analysis and, on certain occasions, carry out Impact Assessments of the treatments of the most sensitive data and appoint a Data Protection Delegate (new figure created by the GDPR).

• It will also be necessary to modify the information policy of the websites.

• Sanctions will increase significantly: these will be up to 20 million euros or 4% of the organization’s turnover.

Project managers

Specialized in commercial law, ICT law (information and communication technologies) and foundations.

Andreu Alonso Juan-Muns

Partner. Commercial Law.