If you are living, working or doing any kind of business in Marbella or any other parts of Spain, it’s imperative for you to understand the data protection directives under the Spanish legal system.

The law applies to you in respect to the processing of personal data and failing to protect personal data only invites the risk of paying fines under the authority of Spanish Data Protection Agency.

The Spanish Constitution clearly underlines the right to personal privacy, secrecy of communications, and the protection of personal data which are further safeguarded with the Data Protection Act (LOPD), in compliance with the European Union Data Protection Directive.

It applies to information held by both public and private sectors, and talking about Spain, the data protection agency AEPD overseas all legal provisions guaranteeing the protection of individual rights. The agency has the authority to scrutinize and impose sanctions on individual or the company in violation of any directive.

To simplify the above said statement, the particular ‘law’ protects ‘personal data’ i.e. any information related to any identifiable individual. For example, if you are a resident of Marbella then it’s obvious that you must have passed on information like telephone numbers, e-mail address, your bank account, driving licence number etc. in your everyday use.

Here the data you forwarded or given to you a company for your personal use, such as booking an airline ticket, needs to be used only for the particular purpose and there should not be any third party dealing without your consent. It’s now the duty of the company or organisation that processes the data to ensure security of your personal information.

Does the Data Protection Act apply to you?

In general, it’s not individual; rather anyone who processes personal data comes under the dictums of the Act. So, data protection implies a larger sphere that deals with anything and everything that is to do with individuals’ personal details.

Hence, if you are processing the personal data then you are answerable to the authority – the Agency (AEPD). And, failure to register yourself under the agency directly drives you to a criminal offence which later forces you to pay fine and even more stringent action for any breaches of LOPD.

What Rights Do Individuals Get?

In case you have some kinds of data stored or regulated by the data controller, the law establishes the right of citizens to know what personal data is contained in electronic records and grants the right to correct or delete incorrect or false data in those records. And in some cases, if the company ignores your request, you can approach the possible legal way and made them to do so.

Furthermore, the LOPD restricts the disclosure of personal information to a third party that may cause damage or distress; in that case, an individual consent is required first. Additional protections are also provided for sensitive personal data like medical records.

The above information was just an overview of the Data Protection procedure while there are several principles that each data controller or processor needs to follow to come into the guidelines and to ensure greater security of personal data and individual rights.

Security Procedure for High Risk Files

The new regulation of Spanish Data Protection Law (LOPD) now includes non-automated files such as paper documents. For example, files that contain patients’ medical information are considered as high risk and directives have been made to adopt special measures regarding data storage, reproduction and transfer.

Hence in case you are running a business in Marbella, make sure that your business doesn’t comply with the LOPD. AEPD, to the very likely, may inspect the kind of business you are into and in case it finds that you have ignored to register your company under the Agency guidelines, you will be compelled to pay a hefty fine ranging from €600 to €600,000.

As per the law, companies with such high-risk files must be audited by an authorised company specialising in the data protection law (LOPD). In the past few years, AEPD has fined a huge number of companies for not protecting their data and in another case; it has also fined a neighbourhood community for publishing details about a list of defaulters.

Furthermore, the Agency has also imposed a fine of €601 on a community of home owners in Granada for installing a camera on the property entrance without declaring its existence and purpose. Additionally, there have been reports of penalty collected from property management companies for not registering the mandatory data files.

Hence, it’s advisable for all business establishments in Marbella and any other parts of Andalucía, Spain to register every bit of personal data they control and the level of risk associated. You may take help of any authorised auditing company for all the necessary steps you require to comply with the LOPD.

For detailed information, please visit the official web page of the AEPD Agencia Española www.agpd.es