The new European General Data Protection Regulation (GDPR), regarding the protection of natural persons and the processing and free circulation of their personal data, was enforced on May 25th, 2018.The GDPR is the type of E.U. regulation that is directly applied to all member states, which means it is enforceable in Spain as if it were a national law. The current legislation includes new obligations with which companies, freelancers and public and private organizations that process personal data must comply.In adapting to the legislation, the first step is to identify and analyze areas of risk and document the processing of personal data. If the company fails to comply, there are potential sanctions that can range from 4% of the company’s annual turnover to 20 million euros plus the penal, administrative and corporate consequences as well as the damages and losses that may arise on a national level.Particular requirements of the GDPRAppointment of a Data Protection Delegate (DPD/DPO) in the company/entityImpact evaluation in data protectionObligation to communicate the security of personal data to the Spanish Agency for Data Protection within 72 hours, and in severe cases, to those affectedElimination of tacit consentContent extension of the contracts giving data access to third parties: any third party to gain access to personal data for the provision of a service, has to sign a contract in order to regulate the processing of this dataEliminating distinctions between personal and professional data.Main changes of the General Data Protection RegulationConsentThe citizen’s rightsInformation transparencyThe registrySecurityThe consent in web pagesThose in charge of the data processingSending commercial communicationsFor further information regarding the data protection regulation in Spain,