New European Data Protection Regulation
The Regulation (EU) 2016/670, of 27 April 2016, of the European Parliament and of the Council (RGPD), is the new data protection regulation that has been applied since last May 28, 2018 in all European Union Member States. The peculiarity of the European Regulations is that these are directly applied in all Member States, without the need for an internal transposition rule.
In particular, the GDPR, which aims to establish a unified legal framework for the 28 States that make up the Union, has a dual purpose:
- The protection of personal data
- The free movement of such data.
This new regulation incorporates a series of novelties that it is important for companies and individuals to take into account:
- Reinforces the transparency of information by requiring that the information provided to the user be clear and accessible. In this regard, the «Guide for compliance with the duty to inform» of the Spanish Data Protection Agency (AEPD) includes a series of guidelines that may be useful.
- It establishes the obligation to receive the unambiguous consent from the data subject for the processing of his or her personal data for a specific purpose. It also includes the possibility for the user to withdraw his consent at any time.
- It includes new rights, such as the right of the data subject to have his or her data deleted at any time from the files of a company and the rights to limit the processing of his or her data or the portability of such data.
Non-compliance and its consequences
According to research by Talend, which is the world’s leading cloud data integration solutions company, 70% of companies are not complying with the GDPR.
For non-compliance with the provisions of the Regulation, Article 83 thereof establishes a series of administrative fines, the amount of which varies depending on the circumstances of each individual case and the specific infringements involved. Thus, fines of different amounts may be imposed.
In any case, fines imposed on individuals may not exceed 20,000,000 euros. On the other hand, if the offenders are companies, the fines will be calculated on the annual turnover of its previous financial year, not being able to impose a penalty exceeding 4% of the total turnoverof that year.
It is becoming more and more important at the legal level to protect the privacy of individuals. Therefore, it is important for both companies and individuals to be aware of at least the most innovative and important points of this new regulation so that society can internalize it as quickly as possible and thus avoid future breaches.
If you think you need advice….
If you consider that your company may not be complying with the legal obligations established by the RGPD regarding data protection, it is essential that you contact a lawyer so that he/she can advise and inform you in an adequate manner of all the options available to you to solve it and avoid the consequences of non-compliance.
From LAWYOU, we help you.
At LAWYOU we have expert lawyers with many years of experience who will help you with any question in this regard. Do not hesitate to contact us through our e-mail address email@example.com or, if you prefer, you can also call us at 602 226 895.