The GDPR is directly applicable in all EU member states and introduces new obligations for companies. Since member states have leeway for deviations, Spain has already drafted a legislative proposal.
The Technology, media and telecommunications (TMT) law handles the full spectrum of IT and telecoms-related issues and involves advising and drafting agreements, licensing and advertising, data protection and privacy laws, e-commerce issues and fraud prevention.
The legal obligations that affect companies that are not on the internet also apply to those companies that create a web page. Furthermore, there are a series of legal requirements and specific obligations that are necessary to open a business on the internet, and they are related to the specific legislation of e-commerce in Spain.
E-commerce businesses in Spain must comply not only with the same commercial, fiscal and employment regulations as physical businesses, but they are also subject to the regulations established in the LOPD and the LSSICE.
The Internet of Things (IoT) refers to the connection of devices and/or objects to the internet in order to collect and collate data of how they are being used. Due to its complex systems and cross-border nature, data protection laws regarding the IoT are still being developed and modified by regulators. Therefore businesses have to be wary and keep themselves updated of the legal regulations regarding data collection via the IoT.
EU Directive 2006/112/CE is crucial for tax liabilities of foreign online retailers in the Spanish market. After a foreign company exceeds a turnover of EUR 35,000 through sales to consumers in Spain, the VAT of the destination country of the goods (Spain) is raised.
Advertising through the media is more controlled than one may think. There are limits on how much advertisement can be shown on TV, as well as how advertisements must be displayed online. The bottom line is that a consumer must always be protected and must always know that what they are being subjected to is indeed an advertisement rather than merely information. The laws that govern advertisements are quite specific on how advertisements must be created and displayed. Therefore, a consumer is protected from any type of deceptive advertising.
All natural or legal persons and Public Administrations that deal with personal data are obliged to comply with and adapt to the regulations of the current Personal Data Protection Act (LOPD) in Spain.
Since the invalidation of the Safe Harbor agreement on 6 October 2015, companies should take into account the new rules established by the Court of Justice of the European Union regarding the international transfer of personal data.
The Safe Harbour agreement signed between Europe and the United States allowed the movement and storage of personal data between Europe and the United States with lower security requirements than that stipulated by European regulations. However, after the lawsuit against Facebook filed by Max Schrems, the Court of Justice of the European Union (TJUE) deemed that the United States does not guarantee sufficient levels of data protection for European users.
It is important for businesses to be aware of Spanish law before they enter the Spanish consumer market by selling goods through their websites. This article will consider five key aspects of Spanish Law for companies: consumer protection, data protection, e-commerce, regulatory aspects, and invoices and tax aspects.