Spain approves royal decree to overcome GDPR uncertainty

The Spanish government has approved a Royal Decree designed as a temporary measure to reconcile contradictions between existing Spanish data protection law and the GDPR.

While the UK, France, Germany, and Ireland have all passed new laws, such as the UK’s Data Protection Act 2018, to bring national law in line with the GDPR, Spain had not yet done so. Moves to put a Spanish data protection act into law have been held up in Spain’s parliament.

As a temporary measure, therefore, the Spanish government has approved Royal Decree-Law 5/2018, which contains urgent measures designed to reconcile contradictions between GDPR and existing Spanish data protection law.

The decree has three chapters. The first relates to data inspection and appoints an agency with this responsibility. The second relates to penalties, although under the decree, Spanish data protection officers are afforded some exemptions from the fines that GDPR imposes. The third chapter deals with proceedings in the case of a violation with different conditions depending on whether the violation was solely within Spain, involved parties from other regions that fall under the GDPR, or involved third parties from regions where the GDPR does not apply.


European Data Protection Summit will take place on June 3rd in Central London and will play host to 800 DPO’s, Security Professionals and senior business decision makers looking for; information, updates, clarity, advice and solutions. For more information, visit the website.

We have been awarded the number 1 GDPR Blog in 2019 by Feedspot.