Complies with the Data Protection Law
Online LOPD / GDPR solutions for your company
Comprehensive service of LOPD consulting Y GDPR adequacy for your business. It complies with the regulations in the most efficient and economical possible with a totally tailored solution of the reality of your company.
Whether you are an SME or a large company
Agile software with minimal dedication time
We accompany you throughout the process
GDPR expert consulting
We analyze and advise you on the treatment in terms of Data Protection that is being done in your company.
With our feedback, you will know if you are complying with the law or if you need to make changes.
GDPR data protection law compliance
Your company may be applying the LOPD correctly, but does it comply with European regulations (GDPR)?
Get out of doubt with our GDPR adaptation service , focused on complying with European law.
What is the LOPD?
Since December 2018, the Spanish Law on Protection of Personal Data and guarantee of digital rights (LOPD) has been in force. The changes introduced by this law affect the majority of Spanish companies (small, medium and large).
LOPD makes it easier for citizens to exercise their rights of access, rectification, limitation of treatment, deletion, portability and opposition to the processing of your data.
It is also regulated how it should be reported to people about the processing of their data and entails a set of obligations for both those responsible and those in charge of the treatment.
All companies have the obligation to safeguard and control access to personal data contained in automated files.
What are the obligations of the Spanish data protection law?
To comply with the Organic Law on Data Protection we must:
Register the treatments performed.
Obtain consent expressly and through positive action.
Provide more information about the data processing (legal basis, maximum time of data conservation, identity of the Data Protection Officer, existence of automated decisions, international transfers ...).
Guarantee the exercise of the rights of access, rectification, deletion (right to be forgotten), limitation, portability, and opposition.
Update the privacy notices of the web to adapt them to both GDPR and Spanish data protection law, and be prepared to include them in contracts and forms.
In addition, we must enter into written contracts between those in charge of the treatment and those responsible, including the instructions from the person in charge to the person in charge in relation to security measures, the subcontracting regime, confidentiality and the destination of the data once the service has been provided.
What are the penalties for breaching the LOPD?
The sanctioning regime of the LOPD GDD maintains the classification of the old LOPD 15/1999, distinguishing between very serious, serious and mild, according to the degree of affectation of the data.
To apply one or another sanction too circumstances will be taken into account such as the continued nature of the offense, the link between the activity of the offender and the treatment, the effect on the rights of minors, etc.
Penalties of 300,000 to 600,000 euros
Those that suppose a substantial violation of the treatment and have to do with the use of the data for a purpose other than the one announced, the omission of the duty to inform the affected party, the requirement of a payment to be able to access the stored data or the international transfer of information without guarantees among others.
Penalties of 60,000 to 300,000 euros
Those that suppose a substantial violation of the treatment and have to do with data of a minor collected without consent, lack of adoption of technical and organizational measures necessary for the effective protection of data or, for example, the breach of the obligation to appoint the person responsible or data controller.
Penalties of 600 to 60,000 euros
The rest that are not included in the previous groups.
Do you need further assistance?
Tell us about your company and regulatory questions you may have to interview. We'll study your case to assess whether your company is compliant.
What is our LOPD consulting service?
Comprehensive analysis of the needs of your company
Personalized study of the types of data, systems, procedures and organization to determine the use, typology and scope of data processing what your company should do.
Execution of technical and organizational obligations
We propose solutions and take care of their implementation so that the company fulfill your obligations before the law: registration of treatment activities, review of clauses and contracts, review of procedures …
Assessment to determine if the figure of the DPO is necessary
Our legal compliance experts will determine if your company should designate a Data Protection Officer (DPO) . In that case, we will take care of all the administrative procedures before the AEPD.
Annual monitoring and security audit every 2 years
You will have at your disposal an Edorteam consultant for any query or report incidents. On a biannual basis, we will carry out an GDPR audit , to verify that your company continues to comply with the law.
Includes LOPD Online management software
LOPD Online is a cloud management platform from where you will manage all the documentation regarding the protection of your company’s data:
Manage the Security Document
Generate confidentiality agreements and other contracts
Quickly report about security issues
Always keep the record of I / O media up to date
Advantages for your business
100% online service, documentation always updated and available
Direct communication with your Edorteam GDPR expert consultant
Regular audits and training by our specialists
The comfort of being GDPR compliant
Differences between LOPD and GDPR
Organic Law on Data Protection (LOPD)
It is the law that regulates Personal Data Protection in Spain, and affects all companies, since to a greater or lesser extent, they all store personal information.
A company will face penalties from € 900 to € 600,000 in case of non-compliance.
General Data Protection Regulation (GDPR)
Normative european approved with the aim of unifying all its member states in matters of Data Protection.
Although our country has its own legislation (the LOPD), the GDPR should also be taken as a reference standard while a new LOPD that takes into consideration the GDPR is not approved.
If you want more information about GDPR, click on the following link.
In accordance with LOPD and GDPR, all companies must maintain basic procedures that ensure the protection of personal data contained in automated files , for example:
- Data of your customers, employees and suppliers
- Lists to carry out marketing campaigns
It continues to comply with the LOPD, also in the case of teleworking
Did you know that in October 2020 the Royal Decree-Law on remote work (RD 28/2020)?
As a fundamental point, it is established that working from home the same protection measures must be applied of data and information security than in the office, under risk of breaking the LOPD. With cloud or remote desktop solutions, you have to avoid applications that do not offer guarantees and may give rise to the exposure of personal data of workers, clients and other private information.
With the advice of our legal consulting department, with more than 25 years of experience, we guarantee that your company will comply with the obligations established in the LOPD and GDPR. We adapt to the reality of your business.
Is your company complying with the Telework Law?
The Royal Decree-Law on remote work entered into force in October 2020.
Download our e-book and discover what measures you should apply in terms of data protection and information security.
Avoid these and other sanctions with a Compliance plan
A security breach in personal data stored, either involuntary or caused by one of your workers, will be a reason for harsh penalties to your company.
Having a Compliance program can avoid this.