“The actions of the Spanish Data Protection Agency are
an opportunity for companies to self-analyze and improve their data management systems”
Madrid, June 13th, 2019. PONS IP, a global firm specializing in comprehensive advice on intellectual property and new technologies, has held in the headquarters of the PONS Foundation a conference with the participation of the Spanish Data Protection Agency (AEPD) to analyze, one year after its entry into force, the degree of compliance with the current legislation on data protection in the business environment and address the legal framework of activities closely linked to the processing and management of personal data such as marketing and labor relations.
Currently, and according to CIS data, one in three Spaniards (76%) recognizes that they are “quite or very concerned” about the protection of their personal data. The figure, as explained by the general manager of PONS IP, Nuria Marcos, “is a clear reflection of the existing concern in society regarding the processing of personal data, and, thanks to the GDPR, companies have managed to mature and greatly improve their data management systems”.
During the first year of application of the General Data Protection Regulation (GDPR), 14,397 claims were filed with the AEPD and 966 security breaches were notified. For the Assistant Director-General of Data Inspection, Pedro Colmenares Soto, the AEPD’s actions when faced with complaints or notifications of security breaches “are an opportunity to exercise self-criticism, self-analysis, and improvement of the company’s data management systems. In our opinion, it is also essential to assess the diligence and proactivity of the liable party in order to delimit the responsibility of the possible offender before initiating a sanction procedure”. From the AEPD, Colmenares said: “We prioritize action on poorly designed and implemented management processes rather than on specific situations or errors, sometimes arising from human factors”
Estrella Arana, a lawyer with the Legal Department of PONS IP dedicated her intervention to a key issue such as labor relations and the management of personal data between company and employee. For the PONS IP expert, “the new GDPR incorporates the recognition of the right to digital disconnection in the workplace, but this is not always easy for companies to implement. In addition, there are other issues such as the recording of time control, the use of video-surveillance systems or control through geolocation devices. All this entails weighing the legal obligations of companies against the right to privacy of their employees”.
Begoña Brown, a lawyer in the Legal Department of PONS IP, presented solutions to the new challenges faced by realities such as Big Data or the adequate administration and protection of social networks, as well as the activity and presence of the figure of the Data Protection Delegate (DPD) in Spanish companies. “One of the main challenges faced by marketing departments, with the entry into force of the General Data Protection Regulations, has been to overcome the decline of their databases. PONS IP considers that this challenge represents an opportunity to (i) create greater trust in customers and (ii) obtain a competitive advantage in the market through new marketing strategies”, said Moreno.
The day ended with a debate, moderated by the “Of Counsel” at PONS IP, José Carlos Erdozain, to address key issues in the proper implementation of an adecuate data protection policy in companies where they called for a greater commitment to the implementation of measures to establish a “security culture” among workers, the need to value the figure of the Data Protection Officer, and the importance of technology as an “ally” to ensure a higher level of security against growing cyber attacks. The table counted with the expertise of Pedro Colmenares Soto, Assistant Director-General of Data Inspection at the AEPD, Jesús Sánchez, CEO Audea and es-cyber, David Moreno del Cerro, Head of Technology TENDAM Global Fashion Retail and Gloria Rodriguez Marble, Data Protection Officer and Legal Advisor at the San Pablo CEU University Foundation.