Mandatory data protection regulations

Who needs to adapt?

From May 2018, all entities, associations, communities of neighbors or self-employed individuals that use personal data (such as data of employees, clients, patients, video surveillance, etc.) must adapt to this new regulation.

Is it mandatory?

Until now, the law that guaranteed and protected the processing of personal data was the LOPD (Organic Law on the Protection of Personal Data). The new law, the GDPR (European General Data Protection Regulation), came into effect on May 25, 2016. It applies in conjunction with current regulations and will be mandatory and punishable from May 25, 2018. Therefore, you must adapt your business to your obligations.

Implementing the GDPR is a legal obligation and has many implicit benefits, easily attainable if implemented correctly. These include increased business control, improved corporate image, shared responsibility, and reduced risk of sanctions. These are some of the benefits, and it is not unreasonable to think that they may bring even more economic benefits.

New obligations

The GDPR (General Data Protection Regulation) introduces some modifications and new obligations with respect to the current Data Protection Act. Some of the new obligations:

  • Tacit consent disappears, becoming worthless. To send commercial information, express/implicit consent is required.
  • Obligation to document processing operations. More control over data processors and the services we provide.
  • New notifications to the Supervisory Authority: security breaches and prior authorization for certain types of processing.
  • The warning disappears: there is always a minimum penalty if there is any infraction.
  • New role of Data Protection Officer in some companies/entities.

What penalties do we face?

We are primarily exposed to a large increase in the amount of the penalties:

SERIOUS PENALTIES

Up to 10 million euros or 2% of the total annual turnover of the previous financial year.

VERY SERIOUS SANCTIONS

Up to 20 million euros or 4% of the total annual turnover of the previous financial year.

Internet obligations

The LSSI-CE (Law 34/2002, on Information Society Services and Electronic Commerce) is mandatory for all companies and individuals who have:

  • Web page.
  • Private website with advertising.
  • Electronic commerce, online store, e-commerce.
  • Advertising campaigns or the provision of information via email, SMS, etc.

A website, portal, or online store must comply with legal obligations. This will give it a better image and protect it from potential liabilities and penalties.

What does APEN offer you?

  • We guarantee an easy adaptation. We take care of the following:
    • Preparation of the Security Document.
    • Registration and control of files/processing operations.
    • Drafting of legal notices, information clauses, terms of use and contractual terms, etc.
    • Drafting confidentiality agreements with employees and third parties who have access to your data.
    • Drafting of the website Security Policy, Cookie Policy, etc.
    • Checking the actual status of the hosting servers.
    • Drafting of rights. Limitation of liability.
  • In-person visits whenever necessary, and continuous, efficient, and immediate customer service. Current regulations establish the obligation not only to draft the Security Document but also to keep it updated.
  • We conduct biannual audits. These are mandatory for all activities that process sensitive personal data.
  • Data Protection Officer (DPD) service.
  • Training for managers, directors, employees, etc.