Badia)advocats advises clients in the implementation of the General Data Protection Regulation

On May 25, 2018, the new European Data Protection Regulation (RGPD) will come into force. By this date, all companies and organizations must have internally adapted the aspects foreseen in the RGPD.

The entry into force of the aforementioned legal text will imply important changes in the data protection policy in force until now. Here are some examples:

• When processing personal data, obtaining "tacit" consent will no longer be valid, even for personal data obtained prior to the entry into force of the RGPD. There will, therefore, be a need to review the way in which all the personal data of the company at historical level (customers, workers, suppliers, mailing, etc.) have been obtained.

• The "files" registered with the Spanish Agency for Data Protection will no longer exist, and the "Security Document" will also disappear. Instead, it will be necessary to have a Register of Activities, have a Risk Analysis and, in certain cases, perform impact evaluations of the most sensitive data processing and appoint a Delegate for Data Protection (new figure created by the RGPD ).

• It will also be necessary to modify the information policy of the websites.

• Significantly increase penalties: these will be up to 20 million euros or 4% of the organization's billing. "