IT Governance urges Spanish organisations to prepare for the GDPR as the Spanish government submits a draft bill on data protection


Dublin, Ireland, 7 July 2017 – IT Governance, the leading provider of data protection and GDPR expertise, urges organisations to start preparing for the General Data Protection Regulation (GDPR). This comes in response to the draft bill for an Organic Law on the Protection of Personal Data in order to adapt Spanish legislation to the GDPR.

According to Rafael Catalá, the ministry of justice in Spain, “the adaptation of the legislation to the new European Regulation makes it necessary to draw up a new Organic Law replacing the current one, whose rules and development must be reviewed and adapted to avoid contradictions”.

With ten months left until organisations need to achieve compliance, the GDPR heralds the most significant change to data protection law worldwide. From 25 May 2018, the new Regulation will affect every organisation that processes and collects EU residents’ data.

The GDPR creates a shift in the way organisations will handle data, introducing new obligations and requirements, such as privacy by design and by default, 72 hours’ breach notification, the appointment of a data protection officer (DPO) and penalties of up to 4% annual turnover or €20 million – whichever is greater.

Alan Calder, the founder and chief executive officer of IT Governance, said: “The GDPR introduces significant changes in the areas of data subject and child consent, privacy by design, data breach notification, international data transfers and data protection officers, among others. By adopting a law that closely aligns with the GDPR, the Spanish law makers facilitate global organisations to trade internationally and meet the same requirements for data protection.”

Alongside data subject rights, such as the right to data portability and the right to be forgotten, the GDPR introduces changes to consent, which will require the data subject to take clear affirmative action to opt-in to processing for the consent to be lawful. Regardless of the age of consent in Spain, the Bill reduces the age from 14 to 13 years old, the lower age boundary established by the GPDR.

The Spanish organic law, available only in Spanish, consists of 78 articles structured in 8 titles, 13 additional provisions, 5 transitional provisions, 1 single repeal provision and 4 final provisions.

To find out more about the latest GDPR news, please visit the website, email or call 00 800 48 484 484.