Close this search box.
Close this search box.
“Data protection is no longer static and must be embedded in the entire corporate structure”
"Data protection is no longer static and must be embedded in the entire corporate structure"

Share the news:

Jornada RGPD

Two months after the implementation of the General Data Protection Regulation across the European Union, many organizations are considering what specific measures they should take to comply with the regulations, which will be applicable from 25 May onwards. For this reason, PONS IP held a meeting to review the main news on the GDPR and its practical application in various types of companies. José Carlos Erdozain, legal director at our firm, and Paula García, a lawyer expert in data protection, clear the doubts of the audience, as well as of those who followed us live on YouTube.

Among the changes introduced by the regulation, the principle of accountability for all organizations processing personal data, irrespective of their size, was highlighted. Also, the new definition of the consent of individuals when collecting their data, requiring a clear affirmative action on their part. “Companies will need to be able to prove that the user has said ‘yes’. We will have to analyze if in all cases this means checking a box or if there will be situations that can be interpreted as express consent,” Garcia said.

Erdozain addressed one of the questions that concerns employers the most: Am I obliged to renew the consents already obtained for the processing of data? Our legal director believes that prudence should be prioritized, so it should be checked whether the previous consents comply with the new regulations. If this is not the case or when in doubt, it recommends renewing them to avoid sanctions, which have also been tightened by the new regulation. “We must think that the GDPR no longer admits silence or inaction by individuals as a form of consent,” he said.

They also discuss one of the most striking measures of the Regulation: The need to implement a Data Protection Officer in some companies. But, as the speakers made clear, the DPO will not be necessary in all cases. Public authorities and bodies (with the exception of courts), as well as organizations that process special categories of data on a large scale, will be obliged to appoint one. Among the companies considered as “special cases” as regards the DPO position, the case of advertising and commercial prospecting entities, health centers, electronic communication networks and services, insurance companies, electricity distributors and marketers, and professional associations, among others, were highlighted.

The speakers were also reminded that the Regulation introduces new rights, such as the right to be forgotten, the right to data portability and the new regulation of ARCO rights: Access, Rectification, Cancellation (now defined as deletion) and Opposition rights. All these new developments imply a greater dynamism and importance imprinted on Data Protection in the EU, forcing entities to take it into account in the design of their structural and business plans. In addition, the regulation also applies to undertakings not located in the territory of application if they offer goods and services to citizens resident in such territory. There are still some aspects to be clarified which, according to the experts, will be developed by the future Spanish Organic Law on Data Protection, which will presumably not be approved before the application of the GDPR.

In short, and as our experts remind us, the new RGPD requires the data protection culture to become an intrinsic element of all business activities, demanding greater responsibility and effort from everyone.

Some of the journalistic articles included in this website are protected by Copyright. If you wish to carry out the reproduction, distribution, public communication or transformation, in any medium and in any way, of any article with the employees of your company or with external personnel, contact CEDRO to obtain your own authorization ( /

If you liked this content, share it:

Listen to our podcast

“Invention Privileges”

episodio 2
Las marcas en la nueva economía digital
El segundo episodio de nuestro podcast “Privilegios de Invención” está dedicado a uno de los derechos de propiedad industrial más...
episodio 1
Patentes Biotecnológicas
El primer episodio estará dedicado a uno de los grandes campos de la innovación a nivel mundial, uno de los...


All the IP News

in your e-mail

Find out all the latest information on IP to boost the development of your organisation.

Subscribe to our bimonthly newsletter

In compliance with the provisions of the GDPR, the following is informed: Controller: PONS IP, S.A. (A-28750891). Purposes: send of electronic marketing communications related to the activities and services offered by PONS IP. Legitimation: Consent of the interested party [art. 6.1.a) GDPR]. Rights: Access, rectify, delete, limit, or oppose the treatment, request portability and revoke the consent given by sending an email to, including as a reference "EXERCISE OF RIGHTS". More information.

International Awards

and Recognitions

International Awards and Recognitions