The General Data Protection Regulation (GDPR) came into force on May 25, 2018. Although it was not the first regulation in Spain around data protection, as there were two previous ones, the LORTAD of 1992 and the LOPD in 1999, this new regulation meant a change in the compliance model.
The GDPR brought with it a new way of conceiving the protection of personal data. It was a regulation that changed forever the conception of data protection and of a fundamental right such as privacy
. It also made Europe a world pioneer in this legislative field. Until then, companies had limited themselves to complying with a series of specific legislations that regulated the treatment of this type of data within their business activity.
However, the GDPR required companies to go beyond mere compliance by developing a genuine data protection risk management strategy.
Four years later, it is a good time to take stock and analyze how Spanish companies have adapted to this new legal framework.
For this we have two experts in the area of privacy and data protection from PKF Attest, Javier Lizarralde and Mariano Arostegui:
