Spain approves royal decree to overcome GDPR uncertainty

The Spanish government has approved a Royal Decree designed as a temporary measure to reconcile contradictions between existing Spanish data protection law and the GDPR.

While the UK, France, Germany, and Ireland have all passed new laws, such as the UK’s Data Protection Act 2018, to bring national law in line with the GDPR, Spain had not yet done so. Moves to put a Spanish data protection act into law have been held up in Spain’s parliament.

As a temporary measure, therefore, the Spanish government has approved Royal Decree-Law 5/2018, which contains urgent measures designed to reconcile contradictions between GDPR and existing Spanish data protection law.

The decree has three chapters. The first relates to data inspection and appoints an agency with this responsibility. The second relates to penalties, although under the decree, Spanish data protection officers are afforded some exemptions from the fines that GDPR imposes. The third chapter deals with proceedings in the case of a violation with different conditions depending on whether the violation was solely within Spain, involved parties from other regions that fall under the GDPR, or involved third parties from regions where the GDPR does not apply.


The inaugural Data Protection World Forum (DPWF) will be held on November 20th & 21st 2018 at the ExCeL London which will provide a broader focus across the data protection and privacy space amidst the progressive tightening of global data protection laws.

Ahead of the end of year event, DPWF has launched a series of intensive workshops.

Further information on the DPWF and workshop details are available at: https://www.dataprotectionworldforum.com/