Auratech Legal Solutions

Amendment to Spain’s Data Protection Act: Key Points for Companies

The amendment to Spain’s Data Protection Act updated relevant aspects of Organic Law 3/2018, especially in relation to the Spanish Data Protection Authority, procedural rules and the role of warnings as corrective measures.

For companies, the practical message is not that all GDPR obligations have changed, but that data protection compliance must be kept up to date and aligned with current procedures and regulatory criteria.

Which law amended the Spanish Data Protection Act?

The amendment is reflected in the consolidated version of Organic Law 3/2018 in the Spanish Official Gazette. The Spanish Data Protection Authority explained in its note on the amendment to the Data Protection Act that warnings should be treated as corrective measures rather than sanctions.

Main points

What companies should review

Companies should keep their compliance framework updated: lawful bases, records of processing activities, processor agreements, breach procedures, privacy notices and data subject rights processes.

Internal policies should also reflect current business practices, including corporate email, video surveillance, geolocation, remote work, artificial intelligence, cookies and technology providers.

Common mistakes

Conclusion

The amendment does not change the core of GDPR compliance, but it confirms that data protection is a living framework. Companies should keep documents, procedures and security measures aligned with their actual processing activities.

Exit mobile version