Spain
Governing Data Protection Legislation
them with the latest Spanish and European regulations. Our thorough examination of contracts ensures the incorporation of clauses pertaining to data protection and confidentiality, tailored to the nature of each agreement. At López-Ibor DPM Abogados, we pride ourselves on being at the forefront of legal innovation, providing steadfast support to our clients in navigating the complexities of contemporary legal landscapes. Introduction We have compiled the main differences between the REGULATION (EU) 2016/679 OF THE EUROPEAN PARLIAMENT AND OF THE COUNCIL of 27 April 2016 on the protection of natural persons concerning the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation or “GDPR”) and the local Spanish Organic Law 3/2018, of December 5, 2018, on the Protection of Personal Data and guarantee of digital rights, mentioning only the differences where the Spanish legislation has added or modified some of the rights and provisions of the aforementioned European regulation. In the following headings and subheadings, we will only address the points where there are noteworthy differences in the Spanish legislation with respect to the GDPR. We will not include any content in the headings and subheadings where there are no particularities in the Spanish legislation with respect to the GDPR.
2.1. Overview of principal legislation The Organic Law 3/2018, o f December 5, 2018, on the Protection of Personal Data and guarantee of digital rights (hereinafter, “Spanish DP Law” ) is the Spanish national law that complements and develops the provisions of the GDPR and applies throughout the entire Spanish territory. 2.2. Additional or ancillary regulation, directives, or norms Law 11/2023, of 8 May, introduced various amendments to the Spanish DP Law through its Second Final Provision. These include the replacement of the warning (“apercibimiento”) as a sanction with a formal requirement, the regulation of investigative actions using digital systems, and the extension of the maximum duration of sanction procedures from nine to twelve months and of preliminary investigative proceedings from twelve to eighteen months. The reform also modifies the rules on substitution of the Presidency of the Spanish Data Protection Agency (AEPD) in cases of absence, vacancy, or recusal, to ensure continuity in the Agency’s supervisory functions.
https://lopez-iborabogados.com/en/
Made with FlippingBook - PDF hosting