    What is the new Data Protection Regulation (RGPD)?

    12 June, 2018

    With the large number of purchases, registrations, operations, etc. that we carry out over the Internet, the protection of personal data has become a priority for citizens and businesses.

    For that reason, the RGPD (General Data Protection Regulation) came into force on May 25. It is the new European regulation that affects all companies that process the data of European citizens, regardless of whether they are European companies or not. It is intended to give citizens greater control and more rights over their own data.

    MAIN CHANGES IN DATA PROTECTION

    – Right to be forgotten and to portability. Citizens can request their personal data, or have it deleted if it was obtained illegally or is not being used for the purpose for which it was requested. They can also have that data moved to another data controller if they wish.

    – Right to access data. Users can ask companies for their data to find out how, where and for what purpose it is processed, completely free of charge.

    – Users must give express consent for the use of their data, and that consent must be recorded and verifiable. Silence, pre-ticked boxes or inaction are therefore not valid forms of consent.

    – Information on how the data is processed and how its privacy is protected must be set out in full and must be easy to consult.

    – Penalties for violating the Regulation are much higher. They can be 4% of the volume of the business and can reach 20 million euros.

    HOW TO ADAPT YOUR WEB TO THE REGULATION

    For data obtained before the new Regulation came into force, you must request consent again so that there is evidence of express consent. Follow these steps to avoid fines and to make sure nothing is forgotten:

    1. Carry out a risk analysis of the website. If your website collects users' personal data, through forms for example, you should make a list of all the controversial points and include them in the privacy policy.

    2. Ask for the express consent of all users whose data you hold (via email), or change the forms to add a new field where the user specifically accepts the processing of their data.

    3. Notify the Spanish Agency for Data Protection of any error or incident regarding the data protection policy within a maximum of 72 hours. Do not forget to have the previous point ready and everything adapted to the new regulations.

    4. Modify the Privacy Policy so that it is clear and concise. Review all the points and add any that are missing, but present the information in the most direct and simple way possible.

    5. You must include information regarding:

    – Who is responsible for data processing

    – How long they remain in your files

    – Who can have access to them

    – What are the security measures you are adopting to avoid data theft or the improper use of personal data of customers

    Here you can also consult information about the Cookies Policy.