{"id":2353,"date":"2018-03-23T08:17:50","date_gmt":"2018-03-23T08:17:50","guid":{"rendered":"https:\/\/vila.es\/en\/?p=2353"},"modified":"2020-11-17T16:00:14","modified_gmt":"2020-11-17T16:00:14","slug":"new-eu-regulation-data-protection","status":"publish","type":"post","link":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/","title":{"rendered":"NEW EU REGULATION FOR DATA PROTECTION"},"content":{"rendered":"<p style=\"text-align: justify;\">The technological changes taking place during the last few years have made it necessary for the European Parliament and Council to update European legislation for the protection of data given the existence of ever greater risks. This legislative update has given rise to the General Data Protection Regulation (hereinafter referred to the \u201cRegulation\u201d).<\/p>\n<p style=\"text-align: justify;\">The Regulation shall be automatically applied as from 25<sup>th<\/sup> May 2018 in all of the member states, that is to say without the need for transposition. Accordingly, companies have had to adopt the necessary measures in order to comply with the provisions of the Regulation.<\/p>\n<p style=\"text-align: justify;\">The major new developments are projected in two elements:<\/p>\n<p style=\"text-align: justify;\"><strong>1) The principle of proactive responsibility:<\/strong><\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">The person responsible for data processing should apply appropriate technical and organisational measures in order to guarantee and be able to demonstrate that the processing is in line with the Regulation. This principle requires organisations to analyse what data they process, for what purposes and what type of processing operations they carry out.<\/p>\n<p style=\"text-align: justify;\"><strong>2) Focus on risk:<\/strong><\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">The measures directed at guaranteeing compliance with the Regulation must take into account the nature, the field, the context and the purposes of the processing, and likewise the risk to the rights and freedoms of persons.<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">In accordance with this focus there are measures set forth in the Regulation, which must be applied when a high risk to rights and freedoms exists and other measures which must adapt to the level and type of risk.<\/p>\n<p style=\"text-align: justify;\"><strong>DEVELOPMENT OF PREVIOUS PRINCIPLES:<\/strong><\/p>\n<p style=\"text-align: justify;\">In general, the Regulation does not introduce new principles, however, it does develop, in a more efficient, manner the already existing principles:<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">1) <u>Prohibition, unless authorised<\/u>: any personal data processing is prohibited unless it has been <u>expressly<\/u> permitted. With the Regulation, this principle of prohibition is indiscriminately applied to any kind of personal data.<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">2) <u>Purpose limitation<\/u>: companies may <strong>only collect and edit data with specific objectives<\/strong>. In order to do so, when starting to collect data, they must formulate their objective and document their future use.<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">3) <u>Minimisation of data<\/u>: it is not possible to collect more data than necessary to achieve the anticipated goal. <strong>This avoids the excessive collection of data<\/strong>.<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">4) <u>Transparency<\/u>: the information for the interested parties must be concise, transparent, intelligible and of easy access, with a clear and simple language. Previously it was only necessary to be precise and transparent.<\/p>\n<p style=\"padding-left: 40px; text-align: justify;\">5) <u>Confidentiality<\/u>: companies are obliged to protect the personal data of their clients from theft, in a technical and organisational manner, which is a new development. In the case of information theft, <u>it is important that the technical and organisational protection measures are appropriate for the associated<\/u> risk and the type of data stored.<\/p>\n<p style=\"text-align: justify;\"><strong>COMPANY DELEGATES:<\/strong><\/p>\n<p style=\"text-align: justify;\">Directive 95\/46 focused on the activity of the delegates for data protection. However, the Regulation contains obligations for them, such as maintaining a register of activities of data processing and determining the applicable security measures to be applied to the data processing which they carry out.<\/p>\n<p style=\"text-align: justify;\">As far as companies are concerned, even when the principle activity is not related to data processing, the Reglulation establishes the obligation to appoint a data protection delegate for companies when at least 10 people attend to the automated processing of data. This affects many medium-sized companies.<\/p>\n<p style=\"text-align: justify;\">Furthermore, the Regulation establishes the obligation for the person responsible for the data to sign a contract with the delegates. The Regulation also goes further in this area and establishes the minimum content that such contracts should have.<\/p>\n<p style=\"text-align: justify;\">The people responsible must also carry out an evaluation of the risk of the data that they process, in order to set forth the measures to be applied and how to do so. The type of analysis shall vary depending on the data being processed, but large organisations must carry out said analysis using one of the existing risk analysis methodologies.<\/p>\n<p style=\"text-align: justify;\"><strong>NOTIFICATION OF SECURITY BREACHS:<\/strong><\/p>\n<p style=\"text-align: justify;\">The Regulation extensisvely defines the security breaches, including any incident causing \u201c<em>the destruction, loss or accidental or illicit alteration of transmitted, conserved personal data or personal data processed in any other way, or the communication, or the non-authorised communication or access to said data\u201d.\u00a0 <\/em>In practice, the loss of a personal computer which contains client&#8217;s data, the non-authorised access to the data base of an organisation (including for personal use) \u00a0or the accidental deleting of some registers are deemed to be security breaches in accordance with the Regulation.<\/p>\n<p style=\"text-align: justify;\">When a security breach occurs, companies must notify the competent data protection authorities within 72 hours following the discovery of the security breach.<\/p>\n<p>&nbsp;<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">Hugo Ester<\/p>\n<p style=\"text-align: justify;\">Vil\u00e1 Abogados<\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">For more information, please contact:<\/p>\n<p style=\"text-align: justify;\"><span style=\"color: #3366ff;\"><a style=\"color: #3366ff;\" href=\"mailto:va@vila.es\">va@vila.es<\/a><\/span><\/p>\n<p>&nbsp;<\/p>\n<p style=\"text-align: justify;\">23<sup>rd\u00a0<\/sup>of March 2018<\/p>\n","protected":false},"excerpt":{"rendered":"<p>The technological changes taking place during the last few years have made it necessary for the European Parliament and Council to update European legislation for the protection of data given the existence of ever greater risks. This legislative update has given rise to the General Data Protection Regulation (hereinafter referred to the \u201cRegulation\u201d). The Regulation  [&#8230;]<\/p>\n","protected":false},"author":4,"featured_media":4726,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[85,77,142,87],"tags":[],"class_list":["post-2353","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-data-protection","category-european-union","category-internet-3","category-technology"],"yoast_head":"<!-- This site is optimized with the Yoast SEO plugin v27.1.1 - https:\/\/yoast.com\/product\/yoast-seo-wordpress\/ -->\n<title>NEW EU REGULATION FOR DATA PROTECTION<\/title>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"NEW EU REGULATION FOR DATA PROTECTION\" \/>\n<meta property=\"og:description\" content=\"The technological changes taking place during the last few years have made it necessary for the European Parliament and Council to update European legislation for the protection of data given the existence of ever greater risks. This legislative update has given rise to the General Data Protection Regulation (hereinafter referred to the \u201cRegulation\u201d). The Regulation [...]\" \/>\n<meta property=\"og:url\" content=\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\" \/>\n<meta property=\"og:site_name\" content=\"Vil\u00e1 Abogados\" \/>\n<meta property=\"article:published_time\" content=\"2018-03-23T08:17:50+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2020-11-17T16:00:14+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg\" \/>\n\t<meta property=\"og:image:width\" content=\"669\" \/>\n\t<meta property=\"og:image:height\" content=\"272\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/jpeg\" \/>\n<meta name=\"author\" content=\"Vil\u00e1 Abogados\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"Vil\u00e1 Abogados\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"4 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\"},\"author\":{\"name\":\"Vil\u00e1 Abogados\",\"@id\":\"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904\"},\"headline\":\"NEW EU REGULATION FOR DATA PROTECTION\",\"datePublished\":\"2018-03-23T08:17:50+00:00\",\"dateModified\":\"2020-11-17T16:00:14+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\"},\"wordCount\":773,\"image\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg\",\"articleSection\":[\"Data protection\",\"European Union\",\"Internet\",\"Technology\"],\"inLanguage\":\"en-US\"},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\",\"url\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\",\"name\":\"NEW EU REGULATION FOR DATA PROTECTION\",\"isPartOf\":{\"@id\":\"https:\/\/vila.es\/en\/#website\"},\"primaryImageOfPage\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage\"},\"image\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage\"},\"thumbnailUrl\":\"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg\",\"datePublished\":\"2018-03-23T08:17:50+00:00\",\"dateModified\":\"2020-11-17T16:00:14+00:00\",\"author\":{\"@id\":\"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904\"},\"breadcrumb\":{\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/\"]}]},{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage\",\"url\":\"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg\",\"contentUrl\":\"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg\",\"width\":669,\"height\":272},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Portada\",\"item\":\"https:\/\/vila.es\/en\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"NEW EU REGULATION FOR DATA PROTECTION\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/vila.es\/en\/#website\",\"url\":\"https:\/\/vila.es\/en\/\",\"name\":\"Vil\u00e1 Abogados\",\"description\":\"Damos soporte jur\u00eddico a proyectos e iniciativas de negocio de empresas y de emprendedores extranjeros y nacionales\",\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/vila.es\/en\/?s={search_term_string}\"},\"query-input\":{\"@type\":\"PropertyValueSpecification\",\"valueRequired\":true,\"valueName\":\"search_term_string\"}}],\"inLanguage\":\"en-US\"},{\"@type\":\"Person\",\"@id\":\"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904\",\"name\":\"Vil\u00e1 Abogados\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/vila.es\/en\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/80372a28ffd84e8b62261dc710c686e32c574bf8a1c71bfd6ebfba0f351a081b?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/80372a28ffd84e8b62261dc710c686e32c574bf8a1c71bfd6ebfba0f351a081b?s=96&d=mm&r=g\",\"caption\":\"Vil\u00e1 Abogados\"},\"url\":\"https:\/\/vila.es\/en\/author\/vilaes\/\"}]}<\/script>\n<!-- \/ Yoast SEO plugin. -->","yoast_head_json":{"title":"NEW EU REGULATION FOR DATA PROTECTION","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/","og_locale":"en_US","og_type":"article","og_title":"NEW EU REGULATION FOR DATA PROTECTION","og_description":"The technological changes taking place during the last few years have made it necessary for the European Parliament and Council to update European legislation for the protection of data given the existence of ever greater risks. This legislative update has given rise to the General Data Protection Regulation (hereinafter referred to the \u201cRegulation\u201d). The Regulation [...]","og_url":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/","og_site_name":"Vil\u00e1 Abogados","article_published_time":"2018-03-23T08:17:50+00:00","article_modified_time":"2020-11-17T16:00:14+00:00","og_image":[{"width":669,"height":272,"url":"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg","type":"image\/jpeg"}],"author":"Vil\u00e1 Abogados","twitter_card":"summary_large_image","twitter_misc":{"Written by":"Vil\u00e1 Abogados","Est. reading time":"4 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#article","isPartOf":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/"},"author":{"name":"Vil\u00e1 Abogados","@id":"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904"},"headline":"NEW EU REGULATION FOR DATA PROTECTION","datePublished":"2018-03-23T08:17:50+00:00","dateModified":"2020-11-17T16:00:14+00:00","mainEntityOfPage":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/"},"wordCount":773,"image":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg","articleSection":["Data protection","European Union","Internet","Technology"],"inLanguage":"en-US"},{"@type":"WebPage","@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/","url":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/","name":"NEW EU REGULATION FOR DATA PROTECTION","isPartOf":{"@id":"https:\/\/vila.es\/en\/#website"},"primaryImageOfPage":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage"},"image":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage"},"thumbnailUrl":"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg","datePublished":"2018-03-23T08:17:50+00:00","dateModified":"2020-11-17T16:00:14+00:00","author":{"@id":"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904"},"breadcrumb":{"@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/"]}]},{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#primaryimage","url":"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg","contentUrl":"https:\/\/vila.es\/wp-content\/uploads\/2020\/07\/proteccion-de-datos.jpg","width":669,"height":272},{"@type":"BreadcrumbList","@id":"https:\/\/vila.es\/en\/data-protection\/new-eu-regulation-data-protection\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Portada","item":"https:\/\/vila.es\/en\/"},{"@type":"ListItem","position":2,"name":"NEW EU REGULATION FOR DATA PROTECTION"}]},{"@type":"WebSite","@id":"https:\/\/vila.es\/en\/#website","url":"https:\/\/vila.es\/en\/","name":"Vil\u00e1 Abogados","description":"Damos soporte jur\u00eddico a proyectos e iniciativas de negocio de empresas y de emprendedores extranjeros y nacionales","potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/vila.es\/en\/?s={search_term_string}"},"query-input":{"@type":"PropertyValueSpecification","valueRequired":true,"valueName":"search_term_string"}}],"inLanguage":"en-US"},{"@type":"Person","@id":"https:\/\/vila.es\/en\/#\/schema\/person\/1338568a83d16fbfd6073c8cc4834904","name":"Vil\u00e1 Abogados","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/vila.es\/en\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/80372a28ffd84e8b62261dc710c686e32c574bf8a1c71bfd6ebfba0f351a081b?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/80372a28ffd84e8b62261dc710c686e32c574bf8a1c71bfd6ebfba0f351a081b?s=96&d=mm&r=g","caption":"Vil\u00e1 Abogados"},"url":"https:\/\/vila.es\/en\/author\/vilaes\/"}]}},"_links":{"self":[{"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/posts\/2353","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/users\/4"}],"replies":[{"embeddable":true,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/comments?post=2353"}],"version-history":[{"count":2,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/posts\/2353\/revisions"}],"predecessor-version":[{"id":8637,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/posts\/2353\/revisions\/8637"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/media\/4726"}],"wp:attachment":[{"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/media?parent=2353"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/categories?post=2353"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/vila.es\/en\/wp-json\/wp\/v2\/tags?post=2353"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}