The regulations of the Directorate General of Registries and Notaries (DGRN) of 12th of February 2015, based on Act 14/2013 for Supporting Entrepreneurs, sought to speed up the system for legalising company books. Nonetheless, significant problems and doubts arose in practice concerning the level of security applicable to data transmission (electronic files) from the company to the Companies Registry. These doubts are especially relevant to minutes books containing proceedings or decisions of high strategic level, which could fall into the hands of third parties through “hacker” intrusions into the computer system. These questions have been addressed in the new regulations of the DGRN of 1st July 2015, which were published on 8th July 2015 in the BOE (the Spanish Official State Gazette).

MODIFICATIONS OF THE REGULATIONS OF 12TH OF FEBRUARY 2015.

The regulations of 1st July contain several measures regarding the security and privacy of files contained in company books, as summarised hereafter:

a) General security measures in the handling of the files of company books submitted by telematic means to the Registry for their legalisation.

  • These files will be deleted once the registrar has issued the certificate for legalisation. If they are qualified with defects which have not been amended, they will be destroyed when the entry date expires.
  • The procedure for the reception and management of the files will ensure the computer traceability of any procedures and of the people who may have been involved in them.

b) File security in books sent to the Registrar which are not encrypted

  • The person responsible for files generated by the legalisation procedure is the Registrar and, therefore, he must take measures to guarantee the security of personal data, as well as their confidentiality while they are in his power.
  • Nonetheless, for the purpose of means of evidence in legal proceedings, the company must keep a computerised copy with the same content and format as the files of the submitted books. If this file is requested by the court, the company will only have to hand over the copy of the legalised file and the document certifying the legalisation.

c) Encrypted files. Special protection.

  • Upon request of the company, the Registrar shall use the electronic procedure platform of the Spanish Association of Registrars to encrypt files, at no charge.
  • In this case, the registrar will certify the content and also that the algorithm generated by the encrypted files matches the record of the submitted books.

d) Companies providing a certifying service. The regulations allow the encryption by third parties, as well as the free system provided by the Spanish Association of Registrars.

  • The company may also use a double key encryption system (public and private) provided by the certifying agencies with an acknowledged digital signature, an entity that will function as a “trusted third party.” These agencies will provide their services according to the stipulations of Law 34/2002 on Information Society Services.

e) All books legalised on blank sheets, with entries in a fiscal year commenced after 29th September 2013 and closed before 31st December 2014, not transferred to a new book in electronic format, will not need to be legalised again.

f) Submission to the Mercantile Registry.

The legalisation of books can be completed jointly in a single act or separately, enabling the encryption of all or only some of them. Books that are not mandatory do not need to be legalised telematically.

Doubts remain about whether these security measures are adequate to guarantee the confidentiality of the information contained in the files. They may prove insufficient in light of the unstoppable race between data protection on the Web and the technical capacity to break into limited access areas, either for pure fun or for criminal purposes. For that reason, the explanatory memorandum of the regulation keeps the door open to future amendments that could modify or elaborate telematic procedures of company book legalisation, with the aim of digitalising the process without neglecting the company's rights to confidentiality and security.

 

 

Eduardo Vilá

Vilá Abogados

 

For more details please contact:

va@vila.es

 

10th July 2015