Known for customer loyalty, our service quality and our legal rigour.

NEWS

11-07-2017

FUTURE ORGANIC LAW OF PROTECTION OF DATA: FIRST DRAFT

Continuing lasts' post subject, the Council Regulation (EU) 2016/679, of Protection of data will come into force the May 25th, 2018 and, consequently, Spain will ought to have approved a new Organic Law of Protection of Data (LOPD) to adapt the national law to the disposals contained in the European reglament. The first draft already contains several disposals related to some trascendent novelties.

  • The normative, in addition to defining the figure of “Delegate of protection”, will establish the cases in that it will be required its establishment in the corporation.
  • Regarding deceased people's data, it will permit that person to indicate, before his/her death, a express prohibition which will result on not letting their heirs access to that data.
  • As we commented on the previous post, the tacit will be no longer sufficient to be able to use users' personal data, instead, it will require a express consent. 
  • About infractions and sanctions, the first ones will increase in number significantly (as a example, serious sanctions will increase from 11 to 28), as for the sanctions to impose and its graduation, it is going to be ruled by the Council Regulation (UE) 2016/679 and probably will keep the existent rules in the current LOPD.
  • It will also treat the labour video surveillance, in which it contemplates the possibility of not having to inform the worker expressively about the cameras, instead, it will be sufficiently placing posters stating its presence in the bulding, just to be able to legitimate the catchment of images. 
  • Besides, in relation to the credit information, debts of less than 50 euros will not be able to go into the deliquency list; neither the ones who can go into that list will be able to stay in it for longer than 5 year. Which means that it will desapear after 5 years.
  • Finally, it will require the consent of the affected for each of the operations in which they are going to use his/her personal data for. Therefore, when the data is going to be used in multiple operations, the affected will have to accept each of them.