In the European Union, personal data protection represents a fundamental right. The General Data Protection Regulation (GDPR) 2016/679 regulates and monitors the use of personal data.
Spain, in accordance with its own Constitution and as an adaptation of the GDPR, has enacted Organic Law 3/2018 on Protection of Personal Data and Guarantee of Digital Rights (Ley Orgánica de Protección de Datos Personales y Garantías de los Derechos Digitales, or LOPDGDD).
The European Commission is currently proposing a new bill that would apply to all types of data within the EU. Data privacy regulations are abundant, and it is necessary to take precautions to avoid problems. But what precautions? How can data privacy problems be avoided in Europe? What about in Spain?
New European regulations on data privacy
It is important to highlight the regulation proposal that the European Commission has presented. This is the "Data Act," a legislative proposal that harmonizes rules on the fair use of and access to data.
The proposal aims to cover not only data that is currently regulated through the GDPR, but all data that is generated within the EU.
Some of the most important measures included in this new regulation are:
- Provisions that improve data portability, allowing companies or individuals to access and use the data generated on their devices.
- Measures to rebalance the negotiating capacity of SMEs in the context of data exchange.
- Regulations for data interoperability, facilitating changes of data service provider in the cloud.
- Mechanisms for empowering the public sector when accessing and using data held by private companies in situations of public interest.
The Data Act's measures are based on the GDPR and remain thoroughly consistent with it, even making some improvements.
Some of the most common penalties for non-compliance with data privacy legislation
The data protection regulations in force in the EU and Spain are the GDPR and the LOPDGDD, respectively. These regulations name the companies or data processors as those responsible for compliance.
Failure to comply with these measures, or the occurrence of personal data protection issues or digital privacy problems, exposes the responsible parties to the following penalties:
- In the event of "very serious" violations, the penalty consists of:
  - An administrative fine of a maximum amount of 20 million euros, or 4% of the annual turnover in the case of a company.
- For "serious" violations, the following penalty is applicable:
  - An administrative fine, which may go up to 2% of the corporation's annual turnover.
- If the data protection issues are "minor," penalties may vary, for example:
  - A fine of 5,000 euros was imposed on political parties for sending communications without the interested parties' express consent.
  - Mobile device companies were fined 3,000 euros for failure to publish privacy policies on their websites.
- If a fine to be imposed on a natural person is disproportionate, the penalty may be changed to a warning only.
Real examples of companies fined for data privacy issues
These penalties are not mere illustrative provisions. From 2009 to the present day, data privacy issues have been duly penalized. For example:
- The Spanish Data Protection Agency fined BBVA 3,000,000 euros in 2020. The fine was imposed because BBVA sent SMS messages (direct marketing) without the consumers' express consent.
Pangea Masker: the perfect tool for avoiding data privacy issues
In the face of data privacy concerns, at Pangeanic we have developed an anonymization system based on artificial intelligence (AI). It is called Masker, and ensures compliance with privacy regulations and secure data storage and exchange.
Pangea Masker automatically identifies the data that can be used for personal identification. It then proceeds to replace this confidential information by applying various anonymization techniques according to the specific needs of the content and the company.
Masker can replace personal information by means of 4 types of data masking: a generic label, a temporary identifier, blank spaces or a solid black line.
Do you want to avoid data privacy issues? Are you concerned about complying with regulations? Pangeanic's anonymization software can be tailored to your needs and is compatible with the GDPR and other regulations. Together, we will create secure data exchange environments.