Spain approves royal decree to overcome GDPR uncertainty

The Spanish government has approved a Royal Decree designed as a temporary measure to reconcile contradictions between existing Spanish data protection law and the GDPR.

While the UK, France, Germany, and Ireland have all passed new laws, such as the UK’s Data Protection Act 2018, to bring national law in line with the GDPR, Spain had not yet done so. Moves to put a Spanish data protection act into law have been held up in Spain’s parliament.

As a temporary measure, therefore, the Spanish government has approved Royal Decree-Law 5/2018, which contains urgent measures designed to reconcile contradictions between GDPR and existing Spanish data protection law.

The decree has three chapters. The first relates to data inspection and appoints an agency with this responsibility. The second relates to penalties, although under the decree, Spanish data protection officers are afforded some exemptions from the fines that GDPR imposes. The third chapter deals with proceedings in the case of a violation with different conditions depending on whether the violation was solely within Spain, involved parties from other regions that fall under the GDPR, or involved third parties from regions where the GDPR does not apply.

The inaugural Data Protection World Forum (DPWF) was held on November 20th & 21st 2018 at the ExCeL London and welcomed over 3,000 delegates seeking the very latest insight on data protection and privacy.

Pre-registration for DPWF 2019 will be opening in the coming weeks.