PAe - the new law of personal data protection and guarantee of digital rights
the accesskey _ mod _ content

La nueva Ley de Protección de Datos Personales y garantía de los derechos digitales

12 December 2018

Published in the BOE of 6 December, the Organic Law 3/2018 responds to the need for a standard for adaptation of Spanish legislation to the General regulation of data protection and the objective of providing legal certainty.

The Act 3/2018, 5 December, of protection of personal data and guarantee of digital rights (Opens in new window) pursues adapt the Spanish legal system to Regulation (HAT) 2016/679 of the European parliament and the council of 27 April 2016, concerning the protection of individuals with regard to the processing of your personal data and on the free movement of such data (Opens in new window) , and completing its provisions; and ensure the digital rights of citizenship under the terms established in Article 18.4 of the constitution.

This Act consists of ninety-seven articles structured in ten titles, twenty-two additional provisions, six transitional provisions, a derogation provision and sixteen final provisions, and therefore it is an extensive text.

From the point of the administration digital, notably the title X that contains digital rights and freedoms of Internet environment such as net neutrality and universal access or rights to security and digital education, as well as rights to oblivion, portability and the digital testament, along with the right to the digital disconnection within the framework of the right to privacy in the use of digital devices in the workplace and the protection of minors in the Internet; more the guarantee of freedom of expression and the right to the clarification of information in digital media.

We highlight below, in particular, two issues. First, the First Additional Provision that concerning the safety measures in the Public sector provides that the National security Scheme will include actions to be implemented in case of treatment of personal data; that those responsible listed in Article 77.1 applied to treatment of personal data security measures that correspond to those provided by the quoted National security scheme ; and that when a third party to perform a service under concession, directs management or contract, security measures will match those of the public administration of origin and conform to the national security Scheme.

Secondly, the final disposal 12th modifies paragraphs 2 and 3 of Article 28 Law 39/2015, 1 October, Common Administrative procedure of public administrations (Opens in new window) with the interesting nuance that paragraph 2 begins with a formulation in terms of “ individuals have the right not to provide documents that are already in power of the officiating Administration … ”.

  • Citizen
  • Open government