RGPD, is the most listened term in recent months for digital marketing professionals who seek to generate qualified leads, conversion and economic transactions online.
In This bewilderment appear thousands of articles and information about it, begin to emerge thousands of “experts” who want to advise us and then charge us.
As responsible for marketing and digital marketing of brands and digital projects we must know the implication that the RGPD or General Regulations of Data Protection will have not only in our web but in how we treat and collect the data.
Why this nuance?
It Is a methodology and way of working focused on the data within a normative framework and procedimentado. To give you a simile, as if we had to implement a small ISO standard in our company.
But we will understand in depth all the nuances.
Why RGPD is emerging at European level
RGPD or General Regulations on Data Protection, as its name implies, is a Regulation and therefore, unlike the EU Directive which it replaces, applies directly in all member States without the need for an internal transposition standard for its Incorporation into national Law.
However, each member State has the need to update its national Data Protection legislation in order to align it with the mandates contained in the RGPD.
In Addition to giving content to certain aspects that the European standard allows to be legislate in accordance with the context of the legal system of each member country.
A few days after the compulsory implementation of the RGPD, few member States have adapted their internal rules to the Rules of Procedure.
In Spain, last November 2017, approved the Draft Organic Law on Data Protection (hereinafter, PLOPD), which will enter into force and apply on the same day that the RGPD is mandatory, this is the next 25 May.
The RGPD and the PLOPD will repeal the current national Data Protection regulations, this is both the current Organic Data Protection Act of 1999 and its development Regulations of 2007.
In any case, the Spanish legislator has a long way to go that goes, among other things, by the drafting of a new Regulation of development of the PLOPD.
What Does RGPD for the company entail?
The new normative block of Data Protection will be applicable to all companies dealing with personal data. It doesn’t matter whether it’s digital or not.
By Adopting the company the figure of responsible or charge of treatment, whether it is located its registered office in a member State or, without being it. Provide goods or services to citizens of the European Union or to treat data on citizens of the Union.
From A strategic point of view we must understand this as an unprecedented competitive advantage, because for the first time in the data market, all companies leave the same “exit box”.
Aspects to be taken into account of the General Rule of Data Protection
Among The main novelties of the new regulations on Data Protection include:
– Those related to the consent of the person concerned in the processing of his/her Personal Data.
– The new rights attributed to it.
– And of all the principles that should govern any data processing, the principle of accountability.
The new regulations require that the consent to the treatment of Personal Data of the person concerned be unequivocal, free and revocable.
Adding that it must be given by a clear affirmative act, not accepting tacit consent, for each of the purposes of the treatment.
In relation to the rights of the interested parties, in addition to collecting a review of the traditional rights of access, rectification, cancellation and opposition, known as A.R.C.O. Rights, includes the following rights:
Right to limitation of treatment
This right assumes that, at the request of the person concerned, the treatment operations in each case would not apply to their personal data.
As Long as a certain set of circumstances are given.
By this right, the person concerned may request the person responsible for the treatment to have their personal data transmitted directly to another person responsible. Without the need for them to be transmitted previously to the person concerned, as long as it is technically possible.
Right of suppression (“The Right to Oblivion”)
The person concerned, in cases where a series of specific circumstances is fulfilled, will obtain, exercising this right, the deletion by the person responsible for the processing of the personal data that concern him, without undue delay.
New principles of the processing of Personal Data
The new regulations also present a series of new principles of the processing of Personal Data, such as:
Data protection by default and from design, involving companies to take measures to ensure compliance with the standard from the moment the company is created, the product or service or activity that involves processing the data.
The principle of transparency that implies that all communications with the person concerned (from the WEB legal texts to the forms of exercising their rights) must be simple and intelligible, always facilitating their understanding.
Finally, the principle of accountability, one of the cornerstones and important novelty regarding the previous legislation which, due to its importance and effects, deserves to be mentioned separately.
What is the DPD or Data Protection Delegate?
Together with the aforementioned principle, another of the important novelties of the RGPD is the creation of the figure of the Data Protection Delegate (hereinafter, DPD).
It Has to have legal knowledge in general and especially in matters of Data Protection, Privacy and Security. Having to exist in certain types of companies, DPD may be internal or external.
In any case, the DPD, must report at the highest hierarchical level of the Company, act independently and cooperate with the control authority, Spanish Agency for Data Protection (AGPD), not being able to be dismissed in the exercise of its functions.
Companies that are not prepared for the new regulations on 25 May are facing important sanctions.
Opting for the largest amount, up to 20 million euros or an amount equivalent to 4% of the total annual turnover of the previous financial year.