Hello, good morning today in ProfitHost.Es it touches RGPD Mayo 2018 and we want to in force shed a little light to the imminent entrance of the new law of protection of also well-known data LOPD as GDPR/RGPD and their legal text of privacy.

One of the aspects that more doubts produce in the field of the labor relations is the obligations, rules and policies that must fulfill the companies in the matter of protection of data.

RGPD Mayo 2018 Entrance in force new LOPD

Next the twenty-five of May of two thousands eighteen are going to in force enter a new Statutory law of Protection of Datos (LOPD), still today in Project of Law, that has as an aim the adaptation of the legal ordering from Spain to Regulation (European Union) 2016/679 of the European Parliament and the Council, dated twenty-seven of April of two thousands sixteen, called General Regulation of Protection of Data.

To Whom It affects?

This new regulation will affect, in certain aspects, to the field of the human resources and the labor relations, and so we will analyze, now, the most essential new features. In truth, an analysis of the circular ones, instructions, resolutions, guides, et cetera that, during the years, has been emitting the Agency Of Spain de Protecci³n de Datos lets review that good part of the same is dedicated exclusively to the treatment of the data in the field of the labor relations.

New features of GDPR/RGPD Mayo 2018

One of the new features of this rule forms the treatment of the data of the people passed away, since it is left the heirs of the passed away person, to the executor either to the person or designated corporation; to request the access, rectification either elimination of the personal data, except for express prohibition of the deceased person or who prohibits it a law. Therefore, these new forecasts go to having to consider with respect to the workers of the company which were deceased, either throughout the use of the labor relation or throughout the period of conservation of the personal data.

Legitimate treatment of Data

Concerning the data whose treatment is legitimate, the next considerations must consider: The treatment must only talk about to the precise data for the professional location of the worker and the purpose of its treatment only has to be to maintain relations of any class with the company.

Independent new LOPD May 2018

Exactly the same presumption in favor of the data processing, is applied to the data of contact of the individual businessman (independent) whenever these data talk about to such condition, and do not include the treatment of its data as natural person.

RGPD Mayo 2018


Another one of the new features contained in the rule is regarding the data processing related to the presumed cases of succession of companies, presuming itself legitimate treatment of the data that were necessary for the good aim of the operation and which they let assure, if it comes, the continuity of the benefit of services. It is anticipated that, in case the mercantile operation does not reach good aim, they go away to having to eliminate with immediate character these data.


In the same way, it turns out from interest to essentially make mention to the regulation on the data processing with videovigilancia aims, since in the Project of GDPR/RGPD Mayo 2018 a collection is made lately of the judicial criteria emitted and recommendations of the Spanish Agency of Protection of Data on the question, establishing that: The treatment of images caught by cameras or systems of video is possible monitoring when it is made in order conserve the security of the people, resources and also facilities the data; they go away to having to eliminate in the maximum term of a month, except for if these images must serve as test of certain breaches and behaviors; one goes away to having to put a perceivable informative device identifying the existence of the treatment, the identity of the person in charge and the possibility of exercising the pertinent rights. The businessman is going to be able to use the recordings of the cameras and systems of video monitoring to exert the tasks of control of the fulfillment of his obligations by the part of the workers, although he establishes the obligatory nature to inform to the workers on the measurement (what he does not detail is how this means must be generated). On the other hand, in the systems of domestic demands one goes away to having to inform to the workers and to third parties into the existence into such system, being guaranteed the confidentiality of the data kept in the system and being able to preserve these data throughout a maximum of three months (past this term is due to come to its elimination). Also, it is anticipated that, in the presumed cases in which the denounced facts, could give site to disciplinary measures, will exactly leave the access to the same data by the part of the person in charge of the human resources in the company, with the aim of adopting, if comes, the pertinent disciplinary measures.

Information and Revision

Another excellent newness is that the express consent of the harmed one for the treatment of its personal data is demanded, having to be informed into each and every one of the purposes with which they are tried to deal his personal data, and this it must give his express consent for each and every one of the informed purposes. It takes to advise to us that, as rapidly as possible, and since then from the twenty-five of May of two thousands eighteen, are examined the clauses of work contracts on the treatment of the personal data to mold them to the new norm.

Proactive between the parts

Another one of new features noticeable of Project of Law is that proactive activities of the person in charge and ordered of the treatment of the data settle down (the companies and/or the people to which these designate), being due to value the situation to determine what technical and organizational measures can turn out appropriate to assure and to credit the suitable treatment of the data, as they go away to having to carry out the evaluations of impact of the treatment of the data, having to document to the decontamination operations of data and the actions to undertake.

Sanctions GDPR/RGPD Mayo 2018

Finally, concerning the sanctioning regime and the amount of the sanctions to impose, also there is an essential newness, since the amount of the presumed sanctions in the most serious ones is increased until the twenty million Euros or, concerning a company, until a four percent of his invoicing, choosing itself the amount that is greater.

Webinar: Practical aspects of the protection of data for SMEs and entrepreneurs

Interesting Webinar to be informed well and to be able to fulfill new norm GDPR/RGPD.


Numerous voices, even in the European field, already have noticed that the adaptation to the new norm for the S-states a complex process and of foreseeable way more length than the granted one (at the beginning until the twenty-five of May of two thousands eighteen), and for the SMEs it is going to be a challenge that will require of an advisable planning and advising of specialists. Source: http://bloglaboral.garrigues.com/la-proteccion-de-datos-un-nuevo-reto-para-las-empresas Gracias!