Facebook SF Abogados Twitter SF Abogados Linkedin SF Abogados
ES | CA | EN | RUS |  中文
Facebook SF AbogadosTwitter SF AbogadosLinkedin SF Abogados


Tuesday, 18 September 2018 15:05

Urgent measure to adapt the domestic law to the RGPD

The Council of Ministers, in order to achieve the protection of the rights relating to citizens individual privacy, has opted to adjust and modify the penalty regime about the protection and processing of personal data, without waiting for the coming into force of the Organic Law in the matter, that is currently pending parliamentary processing.

Nevertheless, and without prejudice, this law has been adopted due to the urgency of adapt and unify the internal legal system to certain aspects foreseen in the EU Regulation 2016/679 on Data Protection.

Moreover, to have a broader view of the aforementioned lines, the most relevant aspects are summarized in the following sections.


One of the most important issues of the first chapter of the Royal Decree-Law 5/2018, recognizes the competent officials to exercise the faculty of investigation that the article 58.1th of the EU Regulation 2016/679 on data protection gives to the supervisory authorities. Task the latter, that will be made by officials expressly authorized by the Director of the Data Protection Spanish Agency, just in case of collaboration with other Member States.


The Royal Decree-Law, in its second chapter, assumes the innovative penalty system of the “RGPD”, replacing the offending types contained in the Organic Law 15/1999, of December 13th. Ratifying in the same way, the current regime in terms as the duration of the proceedings, which shall be six months, and may include previous research actions during one period that not exceed one year.

Moreover, speaking of prescription and applicable sanctions, the claimed norm adopts the same new European law of data protection terms.


Furthermore, the third chapter of the Royal Decre-Law, regulates the special proceedings which need to be followed in case of infringement to the rules of data protection, in order to ensure the correct implementation of the “RGPD”.

The latter regulation, provides 3 types of special treatments with its procedural rules, such as:

  • Cross-border treatment, defined by Article 4.23th of the “RGPD “
  • Cross-border local relevance in a Member State, referred in Article 56th of the same law, and;
  • National treatment, provided by the Article 55th of the European standard.

Ultimately, the Royal Decree-Law 5/2018, established the Data Protection Spanish Agency as representative of Spain at the European Committee, which among other issues, will inform the Regional Authorities about the resolutions adopted in the bosom of the claimed Commitee, giving them (regional authorities) faculty in those cases that respect to its subject matter, with the forecasts in their decisions to ensure the transparency of the action.

It is noteworthy, that the Royal Decree, incoming into force last July 31, will be effective until the approval of the new Organic Law of data protection that aims to adapt the spanish legal system to the EU Regulation 2016/679.

Writings SF Lawyers