Español (spanish formal Internacional)English (United Kingdom)
Malaga Information LOPD

BASIC INFORMATION ABOUT THE LAW ON THE PROTECTION OF PERSONAL DATA

 

WHAT IS ORGANIC LAW ON THE PROTECTION OF PERSONAL DATA?

 

 

THE LOPD is the Law 15/1999 of December 13, PROTECTION OF PERSONAL DATA

 

This law came into force in the month January of 2000, established three deadlines to adapt to it. The last deadline expired on June 26, 2002, so that any company, professional group, association, social club, etc.. Who have not regularized the status of their files to the Data Protection Agency (Public Authority for ensuring compliance) is in breach of legislation, imposing sanctions from 6000 to 600,000 euros.


WHAT IS THE PURPOSE OF LOPD?

 

This Organic Law is to guarantee and protect, with regard to the processing of personal data, civil liberties and fundamental rights of physical persons, and especially their honor and personal and family privacy.

 


WHAT IS THE SCOPE?

 

Any file containing personal data (any database, however small, that contains customer names, phone numbers, addresses etc ...), must meet certain requirements and be registered in the Registry Protection Agency , otherwise it violates the applicable law, and is liable to be fined.


WHO IS REQUIRED TO COMPLIANCE?

 

The Data Protection Act applies to all employers and professionals as well as to all entities, whether public or private, within the framework of its activities, which seek personal data in the Spanish territory.

 

WHAT IS THE CURRENT STATUS OF PRIVACY?

 

Many companies, professional associations, etc.. are being inspected by trade, and have already been fined 600,000 euros, which has resulted in the closure of some.

 

The number of fines has increased eightfold in just one year, because the Data Protection Agency currently is funded exclusively through sanctions. We should note that it is not neccessary to make big mistakes for being fined, but simply the fact that no discharged APD files are punishable by fines of up to 300,000 euros.


The transfer of files to third parties, outsourcing the payroll preparation process without adequate security measures or lack of backups are some commercial habits by the company sanctioned.


In addition, in connection with the LSSI (Law of Services of the Information Society), a web must have your domain registered in the commercial register, and if you use forms, warn your users that will become part a database and their rights, among other things.

 

MANDATORY DEADLINES


The organizational, legal and technical adaptation of the data files, in the said laws have certain deadlines that must be met . Thus:

  • File-baseline: until March 26, 2000. ATTENTION: The deadline has expired more than 7 years.

 

  • File-average: Until June 26, 2000..

ATTENTION: The deadline has expired more than 7 years.

 

  • High-level files: Until June 26, 2002.

ATTENTION: The deadline has expired more than 5 years.

 

Regarding the Biennial Audits :

  • Files-average : Until June 26, 2002.

ATTENTION: The deadline has expired more than 5 years.

 

  • High-level Files: Until June 26, 2004.

ATTENTION: The deadline has expired more than 3 years.