Any legal subject, business owner, business, organization, etc., in the public or private sector, that, in the course of its business collects personal data for an economic, professional or business objective, must adapt to the current Organic Law on Data Protection (LOPD) in Spain.
The LOPD establishes a set of principles, rights and duties that organizations must abide by. Its principal objective is to ensure that data provided by users are dealt with in the correct manner. For this reason, those businesses, associations, administrations or the self-employed that deal with personal data on a daily basis must consider the following questions to determine if they are complying with the LOPD.
- What constitutes personal data?
- What is a file?
- What is understood by dealing with?
- In the case of handling data, is any data exempt from the LOPD?
- What obligations exist?
Adaptation to the LOPD is still a pending subject for many companies, but non-compliance, as well as generating distrust and concern amongst users, can cost a business owner between 600 and 60,000 euros in economic sanctions.
Therefore, adaptation to the LOPD is recommendable, as well as the implementation of a proper audit by trusted professionals who can attend to any inquiry related to the confidentiality of the information. This is the only way a business owner will be able to avoid sanctions in the event of an inspection by the Spanish Data Protection Agency.
Furthermore, every person within a company with access to personal data must be aware of the safety regulations that affect the performance of their functions and the consequences of non-compliance.
This article is not considered as legal advice