On May 25, 2018 comes into force compulsorily the new European regulation affecting Protection Act Data, or LOPD (by Organic Law on Data Protection) although the final version of the law is still pending in the Spanish parliament .
Who is affected by the new law: All entities that deal with personal data and are within the European Union. That is, if you're in Europe and you have a website where you offer a newsletter subscription and therefore recabas the name and email to your subscribers, it affects you. If you have customers, employees and suppliers ... then you hesitate and neither affects you directly.
Most clients and students ask me questions about it, so here I prepared a brief summary of the 7 most important points you should know about the new law.
What are the new obligations of the Data Protection Act
1. Accountability: you must notify the Spanish Data Protection Agency, within 72 hours any security breach affecting personal data. And if the data are of a sensitive nature (sexual orientation, health, religion, etc.) you must also notify affected users. But no longer you need to register files on the website of the Agency.
2. Proactive Responsibility: You should prevent any incident that may lead to a breach in the security of your data. For example, the machines which are data must have login and password, you must have the updated operating system, should have antivirus, etc. If you have more than 250 employees have to keep track of treatment activities (my advice is that if this is your case, you put in the hands of a specialist).
3. The Data Protection Officer: If you have sensitive data (my advice is to not have them) you need from a security in your company that will be responsible or in charge of supervising compliance. This was already the case with the old regulation, but now you have the name "Data Protection Officer".
4. The Right to be Forgotten: 5. Right to Portability:
5. Right to Portability: This is new and it is a good idea! Users who have provided their data digitally someone who is recovering can request this data in a format that allows the transfer ... will be practical to change doctors!
6. Changes in obtaining consent: el reglamento indica que el consentimiento debe ser libre, informado, específico e inequívoco. Aquí es cuando empiezan los problemas… porque en la Agencia de Protección de Datos indican que en todos los formularios de captación de datos hay que poner una parrafada de 150 palabras. Y debes poder demostrar que los usuarios te han cedido los datos libremente e inequívocamente. No te preocupes, en el menú de administración de los programas de gestión de emails tipo Mailchimp te indican la fuente de los datos y la fecha en la que se incorporaron y por lo tanto, tienes un registro y una prueba de su suscripción. Además, como los usuarios deben confirmar su email (doble opt-in) no hay posibilidad de que se suscriban sin darse cuenta. Esto está pensado para los que compran datos personales. Sobre las coockies, la normativa sigue igual, necesitas el consentimiento del usuario la no acción no puede ser considerada una aceptación.
7. Data processing by third parties: If you use an agency to pay payroll or a company marqueting makes your newsletter, you need a certificate from the company in which you are instructed to comply with regulations. Before you needed a contract ... a certificate is easier to obtain.
To facilitate the work and have all the documentation, the Spanish Agency for Data Protection You have created a website that automatically generates documentation you all you need (including paragraphs of forms, certificates for your agency, etc.). The truth is that the tool is fine. This is the link: facilitates RGPD. I recommend you use it.
As you can see it is not as drama as he is painted, make sure you meet the requirements, take heed documentation of the Agency if ever you need it and continues to work as usual.
Mailchimp why I cited is the newsletter sending program that I use and I teach in class emailmarketing, but most programs work the same, so check yours what makes for lighter.
I hope this article has been helpful.
Specialist Digital Marketing Strategy and Digitization Process. I help businesses and territories to develop thanks to the use of Internet in their business strategies.
Impart conferences, training and consulting for over 20 years. Program Director of the Degree of Entrepreneurship Digital (Digital Business) La Salle - URL.
My digital DNA comes from Intercom (creators of Infojobs, Softonic, eMagister, Solostocks, among other companies). I created my first website in 1994 and started my first online business in 1998.
I am at your disposal for whatever you need. Let's talk.