Close this search box.
Close this search box.
The GDPR, one year later
The GDPR, one year later

Share the news:

May 25, 2018 is a relevant date in regard to the processing of personal data, as the General Data Protection Regulation (GDPR) began to be directly applicable in the European legal system.


The GDPR updates the rights already recognized in Directive 95/46/EC, incorporates new rights adapted to the digital environment and establishes new obligations arising from the need to meet the challenges of the digital society, characterized by:

• Internet connectivity, which leads to greater intrusion by different operators into the private sphere of data subjects.

• The greater presence of artificial intelligence in everyday life, as well as the increase of Big Data Projects.

• The concentration of information society service providers into a small group of players in dominant market positions, whose business model is based on offering free services that monetize users' personal information.

The challenges mentioned above give rise to the need to reconcile technological development and innovation with adequate protection of the rights of European citizens.

The application of the GDPR implies the existence of greater control measures over entities that process personal data, as well as an impulse for awareness-raising and training in this area.

Currently, according to CIS data, 76.1% of Spanish population are very or fairly concerned about the protection of their personal data. This figure is a clear reflection of society's concern about the processing of their personal data.

As a consequence of the GDPR, on December 6, 2018, Organic Act 3/2018 of December 5, on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), was published in the Official State Gazette (BOE), introducing several changes, such as the right to digital disconnection and developing further some of the contents of the GDPR.

The incorporation of both texts in the applicable regulatory framework entails the introduction of significant changes in the Spanish legal system, granting greater rights to citizens and posing great challenges for companies that process personal data.

Among all the changes introduced by the new regulations into the legal system (registration of processing activities, new rights for data subjects, obligation to notify security breaches, carrying out impact assessments, appointment of a Data Protection Officer, etc.), the principle of proactive liability established as a new obligation for data controllers by the GDPR stands out.

The principle of proactive liability entails a change of mentality, demanding a conscious, diligent and proactive attitude on the part of the entities with regard to all the processing of personal data that they carry out. In particular, the controller must anticipate risks by applying appropriate technical and organizational measures to ensure and be able to demonstrate that processing is carried out in accordance with the standard.

Another change that has arisen concern among entities whose business involves the processing of personal data, is the increase in the amount of sanctions for non-compliance. Sanctions can reach up to 20 million euros or 4% of the annual global turnover.

Finally, it is important to point out that the changes established by the aforementioned regulations mean that business models that have not been able to adapt to the new market rules will be outdated. However, business models that have seen an opportunity in the new regulation will enjoy a competitive advantage in the market. 


Begoña Moreno Pérez. Attorney, Legal Department PONS IP.

Estrella Arana Gálvez. Attorney, Legal Department PONS IP.

Download PDF



Some of the journalistic articles included in this website are protected by Copyright. If you wish to carry out the reproduction, distribution, public communication or transformation, in any medium and in any way, of any article with the employees of your company or with external personnel, contact CEDRO to obtain your own authorization ( /

If you liked this content, share it:

Listen to our podcast

“Invention Privileges”

episodio 2
Las marcas en la nueva economía digital
El segundo episodio de nuestro podcast “Privilegios de Invención” está dedicado a uno de los derechos de propiedad industrial más...
episodio 1
Patentes Biotecnológicas
El primer episodio estará dedicado a uno de los grandes campos de la innovación a nivel mundial, uno de los...


All the IP News

in your e-mail

Find out all the latest information on IP to boost the development of your organisation.

Subscribe to our bimonthly newsletter

In compliance with the provisions of the GDPR, the following is informed: Controller: PONS IP, S.A. (A-28750891). Purposes: send of electronic marketing communications related to the activities and services offered by PONS IP. Legitimation: Consent of the interested party [art. 6.1.a) GDPR]. Rights: Access, rectify, delete, limit, or oppose the treatment, request portability and revoke the consent given by sending an email to, including as a reference "EXERCISE OF RIGHTS". More information.

International Awards

and Recognitions

International Awards and Recognitions