The text itself establishes that it will not be applicable until two years after it has entered into force in order to give member states time to adapt their relevant regulations. In Spain’s case, the new regulation will have to be adopted by making the necessary adjustments to the current Organic Law on Data Protection (Organic Law 15/1999 of 13 December, on the Protection of Personal Data).
How does the new regulation affect data protection rights?
Until the publication of this regulation, data protection was regulated at the EU level as a fundamental right of citizens, protected by the main legislation on the subject, European Union Directive 95/46. However, this protection regime has been obsolete for some time now due to the rapid evolution of the digital environment, which has made the private data of citizens and businesses increasingly vulnerable. The new regulation, which establishes a new regulatory framework for all EU countries, has given citizens a greater degree of control over their private information in this 21st century environment. In addition, it imposes significant changes for businesses, who will be forced to adapt their protocols and structures to the new regulation.
In this regard, the new regulation focuses on data protection in terms of four basic aspects: greater harmonization of the EU’s protection mechanisms, giving citizens greater control over their personal data, the active engagement of those who handle their data, and a reinforced monitoring system. First, in order to achieve greater harmonization of mechanisms and ensure that the level of protection is similar throughout the European Union, the regulation replaces national standards. To ensure that citizens have improved control over their personal data, the new regulation seeks to ensure that they always know who is handling their data, for what purposes, and for how long.
In addition, it recognizes three new rights in addition to the traditional rights of access, rectification and cancellation: the right to be forgotten, related to opposition and deletion; the right to data portability, which prevents obstructing the transfer of data to others; and the right to the restriction of processing, which makes it possible to prevent the deletion of data in defense of the data owner’s interests.
In regards to the regulation of those responsible for data processing, the new regulation introduces important changes focused on the prevention and establishment of guarantees on how data should be designed and implemented, thanks to a set of measures that allow the principles and rights of those concerned to be respected.
Finally, the regulation facilitates authorities’ control over the operation of the system, requiring their mutual cooperation and establishing a series of mechanisms for strengthened cooperation.
In light of the new changes, at ICN LEGAL we’re prepared to offer our clients the advice they need to protect the privacy and security of the personal data they use online. We will also advise companies on the best privacy policies to protect customer data from threats, and ensure that they comply with current legislation on this subject.
In conclusion, data seems to be “the new gold”, and must be protected. At ICN LEGAL, we know how to do so.