How should we adapt to the new European Data Protection Regulation? - Sagué Abogados penalistas
17963
post-template-default,single,single-post,postid-17963,single-format-standard,ajax_fade,page_not_loaded,,qode-title-hidden,qode-child-theme-ver-1.0.0,qode-theme-ver-13.8,qode-theme-bridge,disabled_footer_bottom,wpb-js-composer js-comp-ver-5.4.7,vc_responsive

How should we adapt to the new European Data Protection Regulation?

The first publication of this Blog will be dedicated to a piece of news of enormous relevance for the legal sector and the practice of the profession. We are referring to the new European Data Protection Regulation (GDPR), which as of May 25 will replace Directive 95/46, still in force, thus superseding the current Spanish Organic Law on Data Protection (LOPD).

Fundamentally, it is a Regulation that substantially modifies the concept of privacy as we have understood it to date, a cultural change that will require an enormous effort for both Lawyers and Clients to adapt to.

One of the keys to the reform lies in the regulation of consent.The new Regulation no longer considers consent as the key to legitimacy for the processing of data, but requires that consent be effectively “free, specific, informed and unambiguous”, thus rejecting tacit consents, consents that do not give the option to object and those that accumulate data processing that are not equal.

Another relevant novelty introduced by the GDPR is the recognition of new user rightssuch as the right to data portability, and the right of access to data new regulation of the right of suppressionThe right to be forgotten, which highlights the relevance of the right to receive compensation for the damages that unlawful data processing may cause.

And in order to be able to determine the appropriate measures to protect the data and the rights and freedoms of individuals, the new Regulation incorporates the principle of active responsibility This is a principle that moves away from the Spanish tradition, based on concrete compliance with regulations, to a model based on the active responsibility of “controllers”.

Thus, it can be stated that as of next Friday, May 25, all law firms must, among other obligations, keep a record of all activities according to their purpose and legal basis, adapt the informative clauses to the parameters established by the new regulation and carry out a risk assessment establishing a series of measures aimed at mitigating such risks.

In short, adapting to the new Regulation means adapting to a new privacy system, a much more proactive model that greatly increases the guarantees and protection of the interested party, and which from our point of view is a change that was absolutely necessary and essential for our Sector, taking into account the high level of vulnerability of computer systems and traditional storage and the enormous interest that the confidential information of any of the Clients of a law firm may have for third parties.

Despite all the above, we must remember that this regulation symbolizes only the beginning of a new era, so only the course of time will tell us the success or failure of its application, and especially, if this regulation has managed to implement a real cultural change in the conception of privacy and data processing that any professional has today.