The main changes introduced by the Regulation are the following:
- Principle of proactive responsibility . Organizations must have a conscious, proactive and diligent attitude regarding all the processing of personal data that they carry out, which will oblige the controller to apply the appropriate technical and organizational measures to guarantee and demonstrate that the treatment is done in accordance with what the Regulation requires.
- The Consent must be an express and affirmative action on the part of the affected party, instead of the previously existing tacit acceptance.
- Beyond the Rights recognized by the LOPD to the holders of the data (Access, Rectification, Cancellation and Opposition), the new Regulation also provides for Access and Rectification , but also regulates the rights to Portability of the data. data, the Limitation of Treatment and the Right to Oblivion.
- A Record of Activities of data processing for each entity should be prepared, with a broader content than the files that were registered in the LOPD.
- It will be obligatory to inform, in a maximum of 72 hours, the controlling authority of the security failures in the matter of personal data, documenting the error, its effects and the corrective measures adopted.
- The figure of the Delegate for Data Protection (DPD) assumes a special relevance and will be mandatory for public bodies, and companies that either have to process sensitive data for their main activities, or make a habitual and systematic observation of people on a large scale.
- Finally, we must not forget that the new sanctions may reach up to 20 million euros or 4% of the turnover of the previous year.
You can find detailed information in the link: AGPD Regulation