Data Protection

Breadcrumb Abstract Shape
Breadcrumb Abstract Shape
Breadcrumb Abstract Shape

Purpose

The Data Protection Act (LOPD) aims to ensure and protect the use of personal data, keeping it confidential and safeguarding the individual and their family’s fundamental rights, their honor and privacy. It establishes a series of obligations for all companies, public and/or private (including the self-employed) who retain and manage personal information.

 

Who does the law apply to?

ALL companies have to register their files containing personal data  at the Spanish Data Protection Agency (AEPD)

(NOTE: The category or type of file is registered,  e.g. ‘Personnel’; ‘Customers’; ‘Suppliers’; ‘Accounting’; ‘Legal’; etc.  It does NOT include the content of these files).

Large or small, no registered company is exempt from the obligations of the LOPD, whether a one-man business or a subsidiary of a larger enterprise.

  • Prepare a Security Manual: obligations and protocols regarding data protection.
  • Register Files at the AEPD.
  • Allow individuals to exercise their ARCO Rights:
      • Access: Right to know what personal data are contained in a file.
      • Rectification: Right to rectify incorrect or incomplete data in a file.
      • Cancellation: Right to cancel and block incorrect data in a file.
      • Opposition: Right to oppose certain, specific processing of personal data

Personal Data?

Personal data are those that allow the identification of a person, whether customer, client, supplier or employee. It applies to any personal data collected in any format (manual, computerized, etc.). For example:

  • Identification data
  • Personal characteristics
  • Social circumstances
  • Academic and professional information
  • Employment information
  • Commercial information
  • Insurance and financial information
  • Political and religious beliefs

High: Health, Medical, Religion, Minors, Sexuality, Union membership…

Medium: Financial information, Accounting, Legal, Social Security data, civil or criminal offences, credit rating…

Low: Name, telephone, address, email…[/vc_column_text][/vc_tta_section]

The LOPD establishes a range of monetary penalties for non-compliance, ranging from 900€ to 600,000€. Significant fines for non-compliance have been handed out to companies, both large and small (€ 29 million in 2009 alone).

Training

Training for Management and Staff
Generation of your Company’s Security Manual

Every company/entity must have a Security Manual for Data Protection. This defines the company’s policies on how it handles individual’s data: how it keeps the data secure, what it is used for by the company, who it might be transferred to, how individuals may pursue their ARCO rights, and so on. It is a ‘live’ document that your company will use to record its activities as it carries out its Data Protection policies. This ‘living’ document will enable your company to show your commitment to the principle of ‘Accountability’ in your handling of individual’s personal data.

All employees who handle personal data have to be trained in the company’s policies. We provide on-line training at several levels, each level designed to suit the needs of the different roles and functions in your company.

Management Training

On-line training for Management and Administrators on the principles of the LOPD law.

Security Manual and DPO Training

Each company is obliged to have an individual appointed as the “Responsable” for data protection (i.e. a “Data Protection Officer”, or DPO). We firmly believe that your designated DPO will benefit from being heavily involved in the production of your company’s own ‘bespoke’ Security Manual. To that end we have created an on-line tool that your ‘Responsable‘ DPO will use to generate your own Security Manual, while at the same time being extensively trained in the procedures and policies that the LOPD demands.

In order that the new DPO becomes familiar with the principles and regulation of the Data Protection laws, it is highly recommended that the DPO completes both the on-line Management Training (above) and the Staff Training (below) before commencing with the generation of your company’s Data Protection Security Manual.

On-line training for all staff that handle personal data on the company’s rules and obligations of the LOPD law. It also includes the law’s requirement that staff read and agree to your company’s Internal Rules and Confidentiality Agreement with respect to the protection of personal data, plus a handout on staff’s LOPD obligations.

Staff will receive Training Certificates when they have completed their on-line LOPD training.