As announced by the Spanish Data Protection Agency’s Director, Mar España, during the Annual Open Session held on 26 June 2016, a public consultation procedure has been opened for the amendment of Act 15/1999, on the Protection of Personal Data (“Spanish Data Protection Act”).
The Spanish Data Protection Agency ("SDPA") has started 2017 with the publication of three documents, which intends to facilitate data controllers and data processors the adaptation compliance with the General Data Protection Regulation.
The documents, which have been drafted in collaboration with the regional authorities (Catalan and Basque Agencies), and have been published in a section of the website of the SDPA created for this purpose, are the following:
After the invalidation, by the European Court of Justice in October 2015, of the European Commission Decision which declared that entities adhered to the so-called “Safe Harbor” granted a level of protection equivalent to this applicable to the Member States, a large number of companies have been forced to seek alternative mechanisms to legitimate their data transfers to the United States.
Finally, after more than four years of work, the General Data Protection Regulation (“GDPR”) was published May 4 in the Official Journal of the European Union (“OJEU”). As indicated in its Article 99, the new regulation will be applicable since May 25, 2018.