Free tools and resources for Data Protection Officers!

Tag Archives for " Spain "

Spain: Guide on cyber incidents establishes a “one-stop notification system”

The Government of Spain announced, on 23 January 2019, that it had issued a guide on the notification and management of cyber incidents (‘the Guide’), according to the requirements of Royal Decree-Law 12/2018, of September 7, on the Security of Network and Information Systems.

In particular, the Guide creates a framework for the notification of incidents relating to the security of network and information systems by operators of essential services based on a series of impact criteria, as well as a management scheme on the same.

Source: Spain: Guide on cyber incidents establishes a “one-stop notification system”

In Spain, data breach notifications increase since the entry into application of the GDPR

The Spanish data protection authority – Agencia Española de Protección de Datos or AEPD – has received 418 notifications of data breaches since the entry into application of the GDPR. Of these 418 notifications, only 11 have required additional investigation by the DPA.

In the latest annual report published by AEPD, the DPA reports that complaints had already increased by 37% from 2015-2017, and that in 2017, the authority received around 10 500 complaints.

Source: In Spain, data breach notifications increase since the entry into application of the GDPR

Spain finalises new data protection and digital rights law

A new law on data protection and digital rights has been approved by Spain’s parliament and will come into force in the coming days. The law will complement the General Data Protection Regulation (GDPR).

The new law, the Organic Law on Data Protection and Digital Rights Guarantee (LOPDGDD), was approved by a large majority in the Spanish Senate on 21 November after being nearly two years in development. The Senate did not amend any of the text that was previously approved by the Congress, ending a period of delay in the parliamentary process.

Source: Spain finalises new data protection and digital rights law

New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties

The new Law on Data Protection and Digital Rights (LOPD), recently enacted in Spain, includes a highly controversial provision allowing political parties and organizations to collect and use personal data revealing political views of individuals.

The controversial article was introduced as a last-minute amendment to the bill, which was voted unanimously on October 18 by the House of Representatives (Congreso de los Diputados). By then, the contentious article had largely gone unnoticed by the public opinion. Shortly after that, however, concerns that political parties might get broad leeway to process sensitive personal data were widely reported in the mainstream media. Nonetheless, the Spanish Senate definitively approved the law on November 21 – including the controversial section. The text is expected to be officially published shortly.

Full article: New Spanish Data Protection Law raises concerns over the use of sensitive data by political parties | Center for Internet and Society

New Spanish data law could undermine the integrity of democracy

On Wednesday, the Spanish senate gave the green light to an online data protection law which may enable political parties to hit voters with adverts based on profiling of internet search histories. The law was created as part of the Iberian nation’s efforts to align with the General Data Protection Regulation (GDPR) which came into force on May 25th of this year.

However, the recent adjustment made to the Spanish laws includes a caveat that enables political parties to “use personal data obtained from web pages and other publicly accessible sources to carry out political activities” throughout election campaigns.

Full article: New Spanish data law could undermine the integrity of democracy

Spanish Senate signs-off new GDPR-compliant Data Protection Act

After a very long delay and amidst rumors that the Spanish Parliament could be dissolved and early elections called, the Spanish Senate speedily dismissed all the proposals for further changes and approved the new GDPR-compliant Spanish Data Protection Act on Wednesday 21 November 2018.

Full article: Spanish Senate signs-off new GDPR-compliant Data Protection Act

Spain approves royal decree to overcome GDPR uncertainty

The Spanish government has approved a Royal Decree designed as a temporary measure to reconcile contradictions between existing Spanish data protection law and the GDPR. While the UK, France, Germany, and Ireland have all passed new laws, such as the UK’s Data Protection Act 2018, to bring national law in line with the GDPR, Spain had not yet done so.

Source: Spain approves royal decree to overcome GDPR uncertainty

Spanish Government approves new Decree-Law on Data Protection matters

Due to the complex balances inside the Spanish Parliament, Spain has been unable to put in place to date (July 2018) a new Data Protection Act that develops the EU Regulation 2016/679 (“GDPR”) in the areas where EU Member States are entitled to fill the gaps or add gold-plating requirements on top of those established by the GDPR.

Source: Spanish Government approves new Decree-Law on Data Protection matters

Telefonica breach leaves data on millions exposed

Identity and payment information – including land line and mobile numbers, national ID numbers, addresses, banks, names and call records – was exposed although there is no evidence that any of the data was used in fraudulently. If Telefonica’s data had been protected by end-to-end encryption “there would be no breach to report under GDPR,as stolen encrypted data would be unusable. Now that GDPR is in effect, the Telefonica customer notifications and follow-up must be done in a compliant and potentially expensive way.

Source: Telefonica breach leaves data on millions exposed

Spanish court admits emails from internal investigation as evidence

A judicial decision, issued by the employment division of the Spanish Supreme Court, has confirmed the admissibility as evidence, to justify a dismissal, of the emails of the dismissed employee obtained in the course of an internal investigation.

This decision has its origin in a claim for unfair dismissal filed by an employee of a Spanish company which had been dismissed by the company for committing very serious infringements of the Spanish Workers’ Statute – it was proven that the dismissed employee had accepted a bribe from one of the company’s suppliers.

Source: Spanish court admits emails from internal investigation as evidence

>