Notification to the Spanish Data Protection Agency (AEPD) of the files
Posted: Wed Dec 18, 2024 7:20 am
Any person, company or organisation (both private and public) that processes personal data must comply with a series of requirements and apply security measures depending on the type of data they possess (basic-intermediate-high risk level). They must also keep track of the data they collect.
At European level, the Regulation on the protection of personal data was developed , which was approved by the European Parliament on April 16, 2016. It was immediately applicable to all Member States of the European Union and came into force in May 2018.
At the state level, we have Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, which repeals the old Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD), this rule had to be adapted to the GDPR.
How to comply with data protection?
Data protection is not a mere formality, since we are talking about fundamental rights: the right to honour, personal privacy and one's own image, regulated by Article 18 of the Constitution .
Although its configuration was initially based on the Fundamental Right to honour, personal and family privacy and one's own image, thanks to regulatory development and the construction of jurisprudence, it has become employment database a fundamental right independent and autonomous from the right to personal and family privacy and one's own image.
Whether you are a company or an individual who processes personal data, you must comply with a series of legal obligations.
Drafting of the Security Document reflecting the technical and organizational measures that must be adopted to comply with data protection.
Drafting of all documents necessary for data protection.
Facilitate the exercise of ARCO rights (right of access, right of rectification, right of cancellation and right of opposition).
Biennial audit. Companies with medium or high-level files must carry out an audit every two years, which can be internal or external.
A series of data protection services that both companies and self-employed workers who handle personal data should take into account.
Personal rights
Unequivocal consent: The General Data Protection Regulation and the LOPDGDD require that the persons whose data are processed give their consent by means of an unequivocal statement or a clear affirmative action . This excludes the use of so-called tacit consent.
Information: The data controller will take appropriate measures to provide the data subject with all information. The information will be provided in writing or by other means, including, where appropriate, by electronic means.
The right to access, rectification, opposition, cancellation, limitation and portability of data: are recognised in the General Data Protection Regulation (Articles 15 to 21) and in Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (articles 12 to 18). They allow us to know what personal information of ours is being processed by a controller (without this implying access to the documents), from whom or where they have obtained this data and to whom it has been transferred. They also allow us to modify or rectify errors, cancel data that should not be processed or oppose the processing of personal data carried out without our consent.
At European level, the Regulation on the protection of personal data was developed , which was approved by the European Parliament on April 16, 2016. It was immediately applicable to all Member States of the European Union and came into force in May 2018.
At the state level, we have Organic Law 3/2018, of December 5, on the Protection of Personal Data and the guarantee of digital rights, which repeals the old Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD), this rule had to be adapted to the GDPR.
How to comply with data protection?
Data protection is not a mere formality, since we are talking about fundamental rights: the right to honour, personal privacy and one's own image, regulated by Article 18 of the Constitution .
Although its configuration was initially based on the Fundamental Right to honour, personal and family privacy and one's own image, thanks to regulatory development and the construction of jurisprudence, it has become employment database a fundamental right independent and autonomous from the right to personal and family privacy and one's own image.
Whether you are a company or an individual who processes personal data, you must comply with a series of legal obligations.
Drafting of the Security Document reflecting the technical and organizational measures that must be adopted to comply with data protection.
Drafting of all documents necessary for data protection.
Facilitate the exercise of ARCO rights (right of access, right of rectification, right of cancellation and right of opposition).
Biennial audit. Companies with medium or high-level files must carry out an audit every two years, which can be internal or external.
A series of data protection services that both companies and self-employed workers who handle personal data should take into account.
Personal rights
Unequivocal consent: The General Data Protection Regulation and the LOPDGDD require that the persons whose data are processed give their consent by means of an unequivocal statement or a clear affirmative action . This excludes the use of so-called tacit consent.
Information: The data controller will take appropriate measures to provide the data subject with all information. The information will be provided in writing or by other means, including, where appropriate, by electronic means.
The right to access, rectification, opposition, cancellation, limitation and portability of data: are recognised in the General Data Protection Regulation (Articles 15 to 21) and in Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (articles 12 to 18). They allow us to know what personal information of ours is being processed by a controller (without this implying access to the documents), from whom or where they have obtained this data and to whom it has been transferred. They also allow us to modify or rectify errors, cancel data that should not be processed or oppose the processing of personal data carried out without our consent.