GDPR: Basic guide to adapt your business to the new regulation

Avoid problems and be in compliance with the new European data protection regulation as soon as possible
The new European Data Protection Regulation, better known as GDPR, entered into force on May 25, 2018, after being approved two years earlier. The main features of this regulation include new limits on how businesses process their customers' data, in response to issues caused by increased online data collection. Although the regulatory change requires an effort from businesses in order to enforce it, it also offers a chance to boost customer loyalty and promote a more transparent relationship with them.
Top banner Negocios Account Top banner Negocios Account
Negocios account
The account for your business without a maintenance fee.

The best tool to adapt to the GDPR: Facilita

The Spanish Data Protection Agency offers Facilita, a free tool that makes it easy for its clients to satisfy the requirements of the European Data Protection Regulation. The tool is simple and easy to use, since it deletes any data entered during the process and the Spanish Data Protection Agency can't access this information. By using a series of simple questions, Facilita determines if your business is already complying with the requirements of the new law, or if you should analyze the risks you are exposed to.

The main changes in the GDPR

In an effort to better protect the personal information of European citizens and to create a more transparent relationship between them and the companies that collect their data, the GDPR has introduced many new requirements. Some of the most important are:

  • Enhanced consent. The customer has to give clear consent if there is a chance that their personal data will be processed. Therefore, silence, previously checked boxes or inaction will not be valid forms of consent. When the data is processed for multiple purposes, consent must be given for each one.
  • Easily revoked consent. The Regulation removes all doubt as to whether consent can be revoked: it must be as easy to revoke consent as it is to give it.
  • Right to portability, which involves the right to transfer a customer's personal data to another company at the customer's request, in a structured, commonly used and machine-readable format. Portability entails the right to have the data transferred directly between data controllers.
  • Use of clear and understandable language in the various privacy clauses.
  • Reporting of security breaches. If personal information is breached, this violation must be reported to the AEPD, unless it is unlikely that said violation poses an actual risk. When this violation entails a high risk to the rights and freedoms of individuals, they must also be notified, unless measures are taken to eliminate the risk or if the effort required is disproportionate.
Center Banner Negocios Account Center Banner Negocios Account
BBVA for Self-employed workers and SMEs
An account aimed at self-employed workers and SMEs that need an account for their professional activity.

What companies are affected by the GDPR?

Any company that operates online is subject to this regulation, which is one of the strictest in the world in terms of managing data obtained from customers. The size of the company does not matter. Compliance with the GDPR is required for freelancers, SMEs and large companies with an online presence.

The consequences of violating the new GDPR are very serious since the amount of the fines has increased considerably to a maximum limit of €20 million, or 4% of a company's total turnover in the previous year, in the most serious cases.

CTA Negocios Account CTA Negocios Account
Companies - You might also be interested in Companies - You might also be interested in

You might also be interested in

  • We'll tell you the different criteria for classifying a company based on its size.
  • We explain how they help to establish how much tax each worker has to pay depending on their income
  • We'll tell you everything you need to know about this temporary strategic partnership.