The Súmate Marketing Online blog will offer various interviews and articles on this subject. Today we begin by interviewing the lawyer Carmen Mateas , founder of the renowned Madrid law firm Mateas Abogados , specializing in digital and technological law . Mateas held management responsibilities in the legal field at operators such as Belgacom, Retevisión and Orange, and chaired the Andalusian Committee for the Knowledge Society. In the last decade, from her specialized office she has bulk sms austria advised clients from several countries on digital compliance matters , and regarding the European regulatory framework and those of France, Poland or the United Kingdom.
In general terms, what are the characteristics of this new European data protection regulation?
Compared to the previous regulations, the GDPR:
It strengthens harmonisation in the European Union (EU) in terms of data protection, as it replaces the sometimes inconsistent patchwork of national laws that transposed the previous Directive with a single rule that is directly applicable in all Member States. In this sense, those data controllers operating in several jurisdictions within the EU will have greater legal certainty and, in addition, will benefit from a one-stop-shop mechanism in their relations with data protection authorities in the case of cross-border processing.
It establishes stricter requirements for consent to the processing of personal data and new obligations, the non-compliance of which can lead to very significant fines. The regulation thus adapts to the technological context of an increasing use and monetization of personal data, from the objective of protecting the fundamental rights of natural persons in relation to such data.
It extends its territorial application to companies not established in the EU when the processing is related to the offer of goods or services or the monitoring of the behaviour of individuals in the EU (regardless of where the processing takes place).
In particular, what implications will this have for companies that primarily sell online?
The new obligations of data protection “by design and by default” are highlighted. That is, from the moment the means of processing are determined, the controller must adopt technical and organisational measures to ensure compliance with the GDPR , and also be able to demonstrate it. It must also technically guarantee that only the personal data necessary for the specific purpose for which consent was obtained are processed.
This will then affect the online stores themselves…
Yes, the design of online stores must guarantee compliance with the Regulation. If there is a data processor, the one chosen will be the one who offers sufficient guarantees of applying these same technical and organizational measures so that the processing complies with the Regulation.
