What is the LOPD
The Statutory law of Protection of Data or LOPD comprises of the Spanish legislation for almost 20 years (is a Statutory law of 1999), but has taken control more excellent with the generalization of the digital treatment of data on the part of the companies and, mainly, of the recent entrance in force of the General Regulation of Protection of Data of the EU. Both look for to protect to the users against indiscriminate or intrusive publicity.
If you have a business, as a store online or a webpage, is very probable that you catch and managements personal character data of your clients. With the digitalization of the enterprise processes, also it is quite common that the companies store them in computer science format, setting out them to possible attacks, facilitating their cession to third parties and making possible the shipment of commercial communications easily.
By all this, the Statutory law of Protection of Data LOPD (and also the RGPD) prohibits the use of the data bases for the shipment of commercial communications when there is no an express consent, as well as, for example, the sale of these data to third parties if the holder has not allowed it. The company is responsible for the storage, treatment and management of the data, but always it must guarantee the confidentiality of the same to the benefit of the holder.
Really, the Statutory law of Protection of Data LOPD protects the right fundamental of the Spaniards to the privacy and to have power of decision on its own personal data: what use wants to give them, to whom it is going to trust them and why, during how long, etc. So, in addition to an ethical and moral resolution that all the companies would have to take for their clients, to fulfill the LOPD it is a legal obligation to fulfill the rights of the users.
When and how to fulfill the LOPD?
All the companies that deal with personal character data in the exercise their activity must obey law LOPD. This means, for example, that if you have a list of subscribers, you handle files with emails of clients, or offer services whom they require to use information of these clients, you will have to fulfill the LOPD. Otherwise, you also face breaches of security and important sanctions on the part of the Spanish Agency of Protection of Datos (AEPD).
In order to avoid it, most important it is to be a guardian of the data of your clients and subscribers: not to jeopardize its confidentiality nor privacy and to guarantee to the holders its power of decision with respect to its own data. To guarantee the rights of access, rectification, opposition and cancellation of the data processing will give an image you is transparent and reliable and it will also increase your competitiveness in the market.
Some of the actions that you must take to end to fulfill the Statutory law of Protection of Data LOPD are the inscription in the AEPD as company that deals with personal data, to pick up the data of allowed and informative form the holder, to protect the data of computer science attacks and filtrations to third parties with which you can share your data base and, really, to incorporate a professional treatment and with guarantees of the personal data.
The General Regulation of Protection of Datos (RGPD) of the EU
From the 25 of May, the legal exigencies of the countries of the European Union converge and they are extended with the General Regulation of Protection of Datos (RGPD), that grants a control on the personal data even greater to the users. With this General Regulation of protection of data it is included, for example, the necessity of consent express, and nontacit, which has taken to the companies to update its clauses and contracts to adapt to the new norm and to fulfill the rights of the users, since, now, the specific legislation the type of required consent.
Other considerations if you want that your company adapts to the RGPD: in case of filtration of data, you will have to communicate the error to the AEPD as rapidly as possible; you will have to show to extreme responsibility and transparency with the treatment of the personal data, contemplating to the risks and their possible solutions since an enterprise project is conceived; and you will have to know the possible requirements and certifications that you can be demanded according to your sector and type of company.