Personal data protection

In an environment where it is increasingly common to collect information from people with whom we interact and a reality in which data protection legislation is more and more complex, having the support of professional lawyers to guide you and to give you personalized and specific legal advice may be crucial to comply with data protection policy and law.

inmentor offers legal advice in order to comply with the General Data Protection Regulation, (Regulation (EU) 2016/679- “GDPR”), in particular:
Consultancyspecialised and experienced lawyers answer any question and solve issues or problems that may arise concerning with the processing of personal data. We are at your disposal for (inter alia):

  • Analysis of personal data processing system;
  • Risk level evaluation as well as its impact on the personal data protection;
  • Legal advice related to the data Subject Rights: to access, rectification, to be forgotten, portability, etc.;
  • Drafting of the relevant legal documents, such as;
    • Contracts with clients, staff, processor, etc.
    • Relevant clauses for website enabling the personal data processing.
    • Security Document
  • Video surveillance
  • Cross-border processing
  • Data protection on the internet.

RGPD auditing services, including:

  • Analysing existing technical/organizational measures and validation of security document;
  • Auditing reports on data protection;
  • Advising on the implementation of the measures proposed in the auditing report.

Internal training for the staff of your company according to the specific use and processing of personal data also for electronic commerce businesses.

Defence of an expert lawyer in case of sanctions on by the Spanish Data Protection Agency.

RGPD – “The General Data Protection Regulation (REGULATION (EU) 2016/679″

Based on the new General Data Protection Regulation (REGULATION (EU) 2016/679 – “GDPR”), any person responsible for or in charge of the processing of personal data (SMEs, public organizations, NGOs, etc.) must comply with the GDPR.

The GDPR is important because, among others:

  • It replaces the previous legislation, bringing all EU states under a single legal framework;
  • increases the level of personal data (PD) protection and implies a greater commitment to PD by companies or organisations:
    • In this sense, the “active liability” is introduced: it is not enough to react only when an infringement has occurred, but companies must take all necessary measures to reasonably ensure that they are able to comply with the principles, rights and guarantees of the GDPR.
  • It applies not only to data controllers and processors established in the EU, but also to those outside the EU if the processing in question is related to:
    • Offers of goods and services intended for EU citizens, or
    • monitoring and follow-up of their behaviour.
  • It broadens the very definition of “personal data”: it now covers any “information about an identified or identifiable natural person” (economic, cultural, health, etc.).
    • It can even affect the processing of data carried out using pseudonyms, when it is easy to identify who they belong to.
  • It introduces new rights to improve the decision-making capacity and control of EU citizens over their personal data, for example:
    • The right to be forgotten: the data subject can request that links that lead to false, incomplete, irrelevant, obsolete information, etc., be blocked in a list of search engine results.
    • The right to portability: personal data already provided may be transferred to another person or company through a request for direct transmission or through its retrieval in a format that allows its transfer.
  • It strengthens the general principle of the need for the consent of the data subject for any processing of personal data:
    • must be “free, specific, informed and unambiguous”:
      • “Tacit consent” is no longer accepted: a positive action or a statement expressing the approval of the person concerned is required.
      • And the consent must be explicit in the case of sensitive data.
    • It establishes that the data controller is also responsible for complying with the provisions of the GDPR.
    • It provides for severe fines for breaches of the obligations of the controller and the data processor, among others:
      • EUR 10 million or 2% of the overall total annual turnover for failure to report possible breaches to the data protection authority.
      • EUR 20 million or 4% of total annual global turnover for any breach of the basic data-processing principles.

      In both cases: “whichever is higher” (art. 83)

Are you sure you already meet the GDPR?

  • Non-compliance can be expensive.
  • It is not just a question of information technology, but also of law.
  • The GDPR also affects companies established outside the EU.

If you wish, we can help you with our specialised legal advice for compliance with the Personal Data Protection regulations.

Contact us clearly describing the matter and your needs. We will try to give you clear information and possibly the budget to benefit you from our services.