Blog details

Comparison between new LOPD and GDPR

Comparison between new LOPD and GDPR

Key differences between Spanish Data Protection Law and GDPR

Spanish Data Protection Law (hereinafter, LOPD 2018) came into force on December 6th  and Aphaia has analysed it in order to highlight how it differs from the GDPR, whilst  identifying the main provisions made for how GDPR applies in Spain.

Deceased persons

While GDPR states that it does not apply to the personal data of deceased persons, LOPD 2018 entitles heirs and relatives to exercise all the applicable rights under GDPR, unless specifically restricted by the data subject or Law.

Liability for inaccurate data

LOPD does not make the controller responsible for inaccurate data according to Article 5.2 GDPR when it has been collected directly from the data subject, an intermediary where applicable, another controller via the right to data portability or a public register.

Children’s data

Based on Article 8.1 GDPR provision, LOPD 2018 deems as lawful the processing of personal data of a child without the consent or authorisation by the holder of parental responsibility over the child, where the child is at least 14 years old.

Public interest as a lawful basis for processing

Any data processing based on public interest shall be by virtue of Law.

Special categories of personal data

According to LOPD 2018, the sole data subject’s consent will not be enough to process data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or sexual orientation.

Furthermore, LOPD 2018 limits the mandatory information to be provided to the data subject at the moment of collecting the data, establishes a six-month timeframe as the reference period for considering as excessive a request and states that the retention period for data derived from CCTV systems will be one month.

Do you require assistance with GDPR and Data Protection Act 2018 compliance? Aphaia provides both GDPR adaptation consultancy services, including data protection impact assessment, and Data Protection Officer outsourcing.

Prev post
IoT and Privacy, are we ready?
December 7, 2018
Next post
Diferencias entre la nueva LOPD y el RGPD
December 14, 2018

Leave a Comment