As at this point almost everyone should already know, since the media bombardment of specialised consultancy firms has been intense for the last months, as of 25 May next applies in Spain, and in other Member States of the European Union, Regulation (EU) 2016/679, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data (hereinafter the “Regulation”). This European standard, which is directly applicable in each State without the need for an internal law of transposition, repeals Directive 95/46 / EC, of October 24, 1995, which was incorporated into our legal system by means of the Organic Law 15/1999, of December 13, on data protection, which entered into force on January 14, 2000 and, from that date, must be complied with.
The Regulation is nothing more than an evolution of the previous legislation, which aims to establish a uniform legal framework within the European Union and, at the same time, to update certain provisions of the regulation of 1995, – especially motivated by technological changes that have taken place since then -, and all with the aim of achieving a better protection of the privacy of natural persons in relation to the treatment of their personal data by companies and, in general, by institutions.
That said, those in compliance with Organic Law 15/1999, – since January 14, 2000 must be – in some aspects stricter and more protectionist than the Regulation, will simply have to adjust certain issues of their organization to comply with the provisions of the new European standard. On the contrary, those that did not adapt the processing of personal data to the regulations of 1999 are in the same “bad” condition, from a point of view of their legal risks, that in the last 18 years.
Let us not forget, moreover, that the Spanish State itself must adapt its internal legislation to the Regulation and that such adaptation should also take place before May 25, 2018. At the time of preparing this Circular letter, we are aware of the existence of a Draft Law sent to the Cortes Generales [1] which, in its fifth final provision, indicates that it will enter into force on May 25 next. Will the Spanish State arrive on time to meet that deadline? It would not give a good example if it was not like that.
We will present in this Circular letter, as a DECALOGUE, the main novelties that the Regulation introduces and it may serve as a guide for each controller to verify how close or distant it is from its effective compliance.
[1] Official Gazette of the Cortes Generales of November 24, 2017.