PKF Attest

Consulting
New Law on Data Protection and Guarantee of Digital Rights

Home Services Consulting Data Protection

New Law on Data Protection and Guarantee of Digital Rights

The approval of the new Organic Law on Data Protection and Guarantee of Digital Rights means that organizations must adapt to the new requirements imposed by the law.

Adapt your company to the Organic Law on Data Protection

What changes have been added to the Law? 
The new Law introduces certain specifications to add to what was already established, in order to comply with Europe’s General Data Protection Regulation (GDPR).

Data Protection Officer

The list of managers and officers who will be obliged to appoint a DPO grows longer. It includes sports federations when they process minors’ data, while it excludes professionals at health centres who perform their work in a personal capacity.

Consent

Like the GDPR, it establishes that it must be specifically and unequivocally stated that consent is given for all t processing purposes. The minimum age for giving consent is 14 for minors.

Transparency and duty of information

The two-tier system is extended to all cases, not only those obtained on electronic communication networks.

Blocking data according to article 32

This consists of identifying and reserving data, adopting technical and organizational measures to prevent it being processed, including viewing it. The only exception is when the data is required by courts and judges.

The greatest novelty in comparison with the previous law is Title X. It introduces 18 articles on new digital rights, which are not contemplated in the GDPR or in the previous Law on Data Protection.

Typical Project

We offer services in accordance with the following structure to help organizations to adapt their activities to this legislation:

  • Review of the current document (Law on Data Protection) and degree of knowledge
  • Initial training for the people involved
  • Changing files for a Processing Activities Record
  • Appointing and assigning managers. There must be a data protection officer (DPO).
  • New informative clauses for processing
  • Models of contract for processing managers
  • Procedure for obtaining consent
  • Procedure for attending to rights
  • Privacy manual
  • Risk analysis by process
  • Final training and implementation