COMMON RULES FOR THE EU
It is the first time that there is a common regulation for all the countries that make up the European Union. This provision establishes rules about the right of people to know how, who and why the data is stored or used; There is also the right to demand that these information be deleted, transferred or corrected, in case it is incorrect.
Spain, like the other Member States, has had to adapt its own laws in order to adopt this new regulation. It is a complex task for both the public sector and companies; The deadline that the EU has given for this transition is two years.
THE NEW OBLIGATIONS
One of the obligations imposed by this new regulation on public sector institutions is the hiring of a delegate for data protection. Must be a data expert, who can advise the heads of each institution about the treatment and use of them.
In Spain there are already 20,000 organisms that are in this situation. And many of them correspond to small municipalities, which do not even have their own secretary. For this reason, steps are being taken to ensure that provincial delegations have a delegate.
As for the companies, they also have to adapt to the obligations contemplated in the new European regulations. The basic principle of the new law is an active participation in data protection; All companies must apply measures capable of guaranteeing the right to privacy. These measures are adapted to the business model of each company.
Companies will have to perform a risk analysis in relation to the data they handle. Likewise, they should implement technical security measures that guarantee users the protection of their data, as well as transparency regarding its use.
Failure to comply with this new regulation can generate severe penalties. Depending on their severity, the infractions are divided into two categories. The less serious ones have a penalty of up to ten million euros, or 2% of the annual turnover volume (the highest). The most serious will be sanctioned with up to twenty million or 4% of the billing.
To determine the amount of the sanction other factors are also taken into consideration. For example, the size of the business or company, the degree of intentionality and whether or not there is recidivism will be taken into account.
Now that you know the main obligations of the new regulations on data protection, you can apply them to avoid millions of fines that could seriously affect your business.
Writings SF Lawyers