Concepts, principles and mechanisms that govern personal data in the EU

On June 7 this webinar took place, with the participation of 134 attendees. Alberto Couto, from the firm Arochi & Lindner of Madrid, referred to the fact that on May 25, 2018 began the effective application of the European General Regulation for the Protection of Personal Data (RGPD) by means of which the professional and/or commercial treatment of all the information on all identified or identifiable individuals is regulated.

Among its major innovations is the extension of the territorial scope of application. Thus, irrespective of whether the person in charge of processing personal data is located or not in the European Union (EU), the RGPD will be applicable to him as long as he directs the offer of his goods or services to interested parties in the EU (in exchange for a payment or not) or carry out the control of its behavior to the extent that it takes place in the EU.

In these cases, those responsible for processing personal data must designate a representative in the EU, provided that i) the treatment they do is not timely or ii) refers to categories of data that may involve a risk to the rights and freedoms of individuals (for example, treatments that deal with the health of people or that involves the processing of biometric or genetic data thereof) or iii) consist of profiling or in the use of massive data type analysis techniques or especially invasive technologies for privacy such as those related to geolocation or large-scale video surveillance.

Among the general and externally discernible obligations, the requirement that the data is consented to by the data subject must be informed at the time of physical or telematic collection in the terms set forth in article 12 RGPD about such extremes as identity of the data controller, the specific purposes for which the data is collected or the communications that will be made of them.

Internally, those responsible for the treatment must be prepared to facilitate and respond within a month to any exercise of rights by the owners of the data. The traditional rights of access, rectification, deletion and opposition are added rights such as limitation of treatment, portability of data and the right to automated individual decisions.

The facilitation and response to the exercises of rights requires from the practical point of view the adoption of a series of internal protocols among which, in this case already by legal imperative, should be included the register of treatment activities and the adequate security measures for the rights and freedoms of the holders of the data.

In the cases of profiling, the use of massive data-type analysis techniques or particularly invasive technologies for privacy, such as those related to geolocation or large-scale video surveillance, it will be necessary to carry out an impact assessment of the processing operations in the protection of personal data.


Speaker:  Alberto Cuoto


To hear this Webinar, please click here:


ASIPI 2023. All rights reserved. Registered Trademark
Privacy use policies