The data protection law:

Current regulations the Data Protection Act Personal Character (LOPD) establishes the obligation for those public or private entities that own, try and keep files with personal data, to implement measures and implement mechanisms to ensure the protection of such data, affecting computer systems local, storage media, personal, operating procedures, etc.

Considering that any company or organization always deals with personal data in some way, it is important to mention what these measures and mechanisms are to adopt:

  1. The communication of personal data files (for example, of workers, clients, suppliers, contacts ...) to the General Registry of the Spanish Agency for Data Protection.
  2. Information and protection of the rights of those affected by access, rectification and cancellation of their personal data by establishing the appropriate internal procedure.
  3. The correct contractual formalization of the transfer of data to third parties (for example, to agencies that prepare the payroll of the employees of the company).
  4. The drafting and implementation of a Security Document in the field of Data Protection of a personal nature that includes all the security regulations of a technical and organizational nature necessary to guarantee the security of the data object of treatment, of obligatory fulfillment for the personnel with access to the automated data of a personal nature and to the information systems that it collects.
  5. The Audit, every two years, on compliance with legislation and security procedures.

Finally, we must point out that the possible sanctions in case of non-compliance of the Data Protection Act, Imposed by the Spanish Data Protection Agency may become high level and also involve immobilizing files.

About the Author:

Image of Amparo Leon DIG Lawyers

María Amparo León

DiG Lawyers