Data protection inspections via videoconference
Data protection inspections via videoconference
Data protection inspections by videoconference are now a reality.
As Business Adapter already reported a year ago, it was a matter of time and finally dated May 9, 2023, has been published in the Official State Gazette, the modification of the Organic Law 3/2018, of December 5, on the Protection of Personal Data and Guarantee of Digital Rights(LOPD-GDD).
Specifically, in the recently approved article 53 bis, the Spanish supervisory authority, the Spanish Data Protection Agency(AEPD), is empowered to carry out remote investigations through digital systems.
The use of these technological systems will take place when determined by the AEPD and will require the conformity of the inspected party in relation to its use and the date and time of its development.
Technological evolution
Although inspections will continue to be carried out in person, the digitalization of things and the technological evolution makes this measure understandable and expected.
However, this measure does not come as a surprise to Business Adapter® customers, since in recent times, videoconferencing activities have been carried out and have served as training, which will allow the necessary training to approach this type of inspections with total guarantee. This will allow the necessary training to approach this type of inspections with total guarantee.
To complement this training, we emphasize the need to digitize the documentation that proves compliance with data protection regulations, in order to speed up the investment of customers’ time in control actions and, above all, to avoid a possible remote inspection.
More modifications to the LOPD-GDD
But there are more updates in the LOPD-GDD, because although its entry into force is relatively recent, (December 5, 2018) and effective in its application, along with the RGPD, that does not exempt it from being able to be improved or modified in favor of improving and ensuring the protection of our personal data.
The updates are contained in the different amendments established in Law 11/2023, of May 8, on the transposition of European Union Directives on the accessibility of certain products and services, migration of highly qualified persons, taxation and digitalization of notarial and registry proceedings; and amending Law 12/2011, of May 27, on civil liability for nuclear damage or damage caused by radioactive materials.
Specifically, the ninth final provision points out the amendments to the Organic Law as a result of the correction of errors of the GDPR on March 4, 2021.
The most significant changes of this modification are the following:
Article 50:
Elimination of the warning from the list of sanctions to be imposed on those responsible and in charge, replacing it with the issuance of a requirement.
Article 48.2:
In the internal structure of the AEPD, powers are granted to the person in charge of the management body that carries out the inspection functions to replace the Presidency in cases of substitution, vacation periods and/or illness, a circumstance that was not previously contemplated, since the delegation of these powers by the Presidency was not regulated (art. 48.2).
Article 65.6:
A new case is contemplated in which, after having admitted a complaint for processing, if the controller or data processor proves to have adopted measures for compliance with the applicable regulations, the AEPD may resolve to file the complaint, when in the specific case there are circumstances that advise the adoption of other more moderate solutions or alternatives to corrective action, provided that no prior investigation actions or any of the procedures regulated by the organic law have been initiated.
Article 67.2:
–From 9 to 12 months the maximum duration of the sanctioning procedure,
–From 12 to 18 months that of the preliminary investigation proceedings
Twenty-third additional provision
Establishment of complaint models before the Agency in all the areas in which it has competence, which will be of obligatory use for the interested parties regardless of whether or not they are obliged to relate electronically with the public administrations. The models will be published in the ”Official State Gazette” and in the Electronic Headquarters of the Spanish Data Protection Agency and will be mandatory one month after their publication in the ”Official State Gazette”.
Business Adapter® at your service for data protection inspections
If you need advice, contact us by email: info@businessadapter.es, you can also call 96 131 88 04, or leave your message in this form:
[su_button url=”https://businessadapter.es/contacto” target=”blank” background=”#f6f903″ color=”#181818″ size=”7″ center=”yes” icon_color=”#000000″]Contact us, we will be pleased to help you.[/su_button]