The new European data protection regulation will mean far- reaching changes for businesses
In May 2018, the new General Data Protection Regulation of the European Union (GDPR) will be obligatory, bringing about major changes in the current model for managing personal data in terms of the rights and obligations that businesses will need to address.
One new development of the RGDP is the need to inform users in greater detail than previously, under the terms of the current personal data protection law, the LOPD, such as how long the data collated will be kept, whether they will be stored outside the European Union or whether their assignment is linked to receiving commercial communications.
For in- depth analysis of one of the biggest legislative changes in the last twenty years, everis, Garrigues and Informatica organized a seminar in Madrid on 24 April entitled "Dealing with the challenges of data processing and security in the light of the new European Regulation” During the working meeting, several experts from the legal, technological and information security sectors analyzed how businesses would need to adapt to this new regulation and the challenges faced by their organizations in this regard.
Garrigues' privacy and technology expert Alejandro Padin opened the seminar, as legal counsel in the firm's Corporate department, he warned attendees that the "formal obligations imposed by the 1999 LOPD will disappear, to be replaced by requirements for real and effective compliance, which will also have to be demonstrated. The consent provided will need to be explicit, a positive action. Consent obtained previously may well have to be renewed."
Another speaker introducing the seminar was Elena Irina Vasiliu, a Policy Officer of the European Commission dealing with the data protection sector, who pointed out that the European Commission is working together with the Member States and the national regulators to achieve a coherent application of the GDPR in all Member States. In this regard the Constitutional Court lawyer, Juan Antonio Hernández Corchete, advised that the draft bill is about to come into force, however until that time there will be a degree of legal insecurity surrounding the specific definition of the legitimate interest that will determine the data processing. However - he assured attendees - "that uncertainty is manageable".
In order to implement the new GDPR, businesses will need to make both technological and organizational changes. In this regard, Óscar Alonso Llombart, RGDP technology leader at everis, explained that “a new information governance model has been proposed for businesses which will call for new roles within the company and a technological infrastructure that reinforces data security. Therefore, we need an "end to end” vision of the whole information governance process which also extends to all the documentation processed and handled by companies".
Other speakers were José Ramón Morales, partner in Garrigues Commercial department; Federico Alonso, EMEA expert in IT and data management, and Roberto García Polo, senior partner at G-advisory.
The program will be reprised at a further seminar to be held in Barcelona on 26 April.