Personal Data Protection

The right to the protection of personal data is a fundamental right of all people that translates into the power of control over the use made of their personal data, in order to prevent third parties from having access to information about us that affects our privacy and other fundamental rights and public liberties.

We can define personal data as any numerical, alphabetical, graphic, photographic, acoustic or any other information concerning identified natural persons (any person whose identity is determined) or identifiable (person whose identity can be determined).

Within Data Protection it is important to highlight three legal figures that constantly interact. In the first place, the interested or affected party, who is the natural person who owns the personal data. Secondly, the data controller, who is the natural or legal person, who manages the purpose, content and use of the treatment. And thirdly, the Data Processing Officer, who is the natural or legal person who, alone or jointly with others, processes personal data on behalf of the data controller.

Currently the normative and current body that regulates everything related to Data Protection is the General Data Protection Regulation (RGPD) which entered into force in May 2016, being mandatory from the May 25, 2018. The RGPD is directly applicable, so it does not need to be transposed into the Spanish legal system.

In addition to the RGPD, in Spain the Organic Law 3/2018, of December 5, on the Protection of Personal Data and guarantee of digital rights (LOPDGDD), which repeals the Law, is in force. Organic 15/1999, of December 13, on the Protection of Personal Data, as well as any other provision of the same or lower rank that contradicts, opposes or is incompatible with the provisions of the RGPD and the LOPDGDD.
The aforementioned regulations configure a series of principles that configure the bases of Data Protection and are mandatory for all those responsible and responsible for the treatment.

Firstly, the principle of legality, loyalty and transparency stands out, which establishes that personal data must be processed in a lawful, loyal and transparent manner in relation to the interested party.

Secondly, the principle of limitation of purpose obliges both the controller and the processor to collect personal data for specific, explicit and legitimate purposes, and they will not be further processed in a manner incompatible with those purposes. This principle is closely related to the principle of data minimization, which establishes that the data collected by managers and managers must be adequate, relevant and limited to what is necessary in relation to the purposes for which they are processed. To these two principles, we must add the principle of accuracy, which determines that the personal data collected will be accurate and updated.

Thirdly, we are interested in highlighting the principle of limiting the period of retention of personal data, since we consider it of utmost importance to comply with the legally established, that the data managed by managers and managers be kept in a way that allows the identification of those interested for no longer than necessary.

Fourth and lastly, underline the principle of integrity and confidentiality, which determines that personal data must be treated in such a way that adequate security is guaranteed to the sensitivity of the data, including protection against unauthorized treatment or unlawful and against its loss, destruction or accidental damage.

All of the principles set out above respond to the basic principle on which the RGPD is based, proactive responsibility, which obliges those responsible and those in charge of treatment to comply with these principles and be able to demonstrate such compliance.

Likewise, both the RGPD and the LOPDGDD stipulate the rights that the owner of the personal data has for the assumption that he considers that the person responsible or in charge of managing his personal data is not complying with the principles set out above, are the known as ARCO rights, and include: the right of access, rectification, opposition, opposition to automated decisions, deletion, limitation and portability.

From CASAS ASIN as a law firm specialized in Data Protection we are able to offer you complete and personalized advice on the procedure to follow to protect your rights regarding the correct management of your personal data in cases of possible infractions.

In the same way, we can provide complete and specialized advice on the adequacy of the provisions of the RGPD and the LOPDGDD regarding the way of managing the data managed by companies, in order to avoid the large economic sanctions imposed by the Law in cases of defaults. The implementation of these measures in any company will be certified by our firm CASAS ASIN, through the following certificate.

The implementation of Data Protection in any small, medium and large company, in addition to being mandatory, supposes an undoubted increase in the reputation of the company, since by adopting internal protocols, information security is enhanced, which prevents their losses and leaks, directly fostering the trust of customers in their actions, and thereby improving the image of the company.