There are still many companies, especially SMEs, that have not adapted to the General Data Protection Regulation (RGPD) and the Organic Law on Data Protection (LOPD), in force since 25 May 2018 and 6 December 2018, respectively. More than a year after full implementation, there is concern about the lack of involvement of small business managers in implementing the procedures, clauses and contracts required by the new RGPD. Companies still have time to improve and to provide a service in line with what society expects of them.
At AVERUM Abogados we can help you with this task. We are a law firm specialized in Digital Law, and our services include assisting large and small companies in complying with the regulations on personal data protection. We resolve the doubts and conflicts that companies may have regarding privacy when adapting to the RGPD, offering agile and individualized solutions.
What do we offer?
Although you have been offered the minimum documents required to comply with the General Data Protection Regulation (RGPD), you must also take the following actions:
1. Keep registers of processing activities that are duly updated and available to your clients or to the Spanish Data Protection Agency, if requested.
2. Implement the technical and organisational measures indicated in the document we provide you with.
3. Review the contracts you currently have in place, include the contractual clauses relating to data protection, and have them signed by the parties.
4. Draw up those contracts that you do not yet have and, equally, include the contractual clauses relating to data protection and have them signed by the parties.
5. Periodically monitor your suppliers to verify that they are complying with the treatment provider agreement.
6. Keep custody of and maintain all documents.
7. Keep employees informed of the privacy policies implemented by the company.
8. Don't forget that you should not send anything to the Spanish Data Protection Agency; you should only give it to them if they ask for it.
The General Data Protection Regulation (GDPR, known in Spain by the acronym RGPD) is the European regulation on the protection of natural persons with regard to the processing and free movement of data. The RGPD came into force on 25 May 2016 and began to be applied on 25 May 2018. For two years, companies, organizations and institutions of the European Union, as well as companies doing business in the EU and handling personal information, were adapting to comply with the new regulation.
All companies, regardless of their size, that process personal data (customers, suppliers or employees or others) are obliged to adapt to the RGPD, which also requires a principle of proactive responsibility. To this end, they must apply effective preventive measures, with the aim of reducing the risks of non-compliance.
The Spanish Data Protection Agency, which is the competent authority for ensuring that the RGPD and the Organic Law on Data Protection (LOPD) are being complied with, also has powers to impose sanctions and is obliged to act when an individual complains because he or she believes that his or her rights have not been respected.
The Agency has mechanisms and highly qualified personnel who will review all the company's documentation to check whether the legal obligations imposed by these regulations are being fulfilled. The Agency will undoubtedly open disciplinary proceedings against those companies that are found not to have adapted adequately, or that have a clear intention not to adapt.
There are many offences that can be committed, and the fines that go with them are significant.
No company, whatever its size or activity, is outside the Law. For every one of them, reputation is at stake and, more importantly, so are the rights of people who come to the shop, workshop or company trusting that their personal data is safeguarded because they are confident that the companies are complying with the Law.