LOPD Web: Keys to the new General Data Protection Regulation
Posted: Tue Jan 21, 2025 3:36 am
If you have a website, this article about LOPD and websites is of great interest to you. Because as of May 25, 2018, the Data Protection Regulation that came into force in the European Union in 2016 will be mandatory. The European authorities had given a period of two years for companies to adapt to the new regulations and as of the 25th of this month, those who do not comply will face hefty fines. Believe it or not, data protection also concerns you, since if you have a simple subscription or contact form on your website, you are already handling user data.
It sounds intimidating, I know, but after reading this post I hope you have a better idea of how to deal with the new LOPD .
LOPD, GDPR and RGPD, are they the same?
The first thing is to clarify the terms.
Until now, everything related to data protection in our ios database was included in the LOPD (Organic Law on Data Protection), in force since 1999. But two years ago, the European authorities decided that it was best to make a data protection law that was the same for all states in the Union. This is how the General Data Protection Regulation was created, which you will also find as RGPD, General Data Protection Regulation or GDPR.
A mess, indeed, but it is enough to know that RGPD and GDPR are the same thing, and it is the regulation that replaces the LOPD (that is why many call it the new LOPD).
What is the GDPR?
Companies have had two years to adapt, but many have not done so. If you have not yet caught up, I will briefly explain the main changes:
Information: You must make clear the legal basis for data processing and how long it will be stored.
Data that can be stored: users can only be asked for data that is essential for the provision of the service.
Consent: To use a user's data you must have their express and verifiable consent.
Logging: You should keep a log of data, for example, recording how many times your site's cookies have been accepted.
Right to be forgotten: you are obliged to delete a user's data if he or she asks you to do so or if you have obtained it illegally.
Right to portability: Users have the right to request that you deliver their data to them or send it to another company or provider if they so request.
It sounds intimidating, I know, but after reading this post I hope you have a better idea of how to deal with the new LOPD .
LOPD, GDPR and RGPD, are they the same?
The first thing is to clarify the terms.
Until now, everything related to data protection in our ios database was included in the LOPD (Organic Law on Data Protection), in force since 1999. But two years ago, the European authorities decided that it was best to make a data protection law that was the same for all states in the Union. This is how the General Data Protection Regulation was created, which you will also find as RGPD, General Data Protection Regulation or GDPR.
A mess, indeed, but it is enough to know that RGPD and GDPR are the same thing, and it is the regulation that replaces the LOPD (that is why many call it the new LOPD).
What is the GDPR?
Companies have had two years to adapt, but many have not done so. If you have not yet caught up, I will briefly explain the main changes:
Information: You must make clear the legal basis for data processing and how long it will be stored.
Data that can be stored: users can only be asked for data that is essential for the provision of the service.
Consent: To use a user's data you must have their express and verifiable consent.
Logging: You should keep a log of data, for example, recording how many times your site's cookies have been accepted.
Right to be forgotten: you are obliged to delete a user's data if he or she asks you to do so or if you have obtained it illegally.
Right to portability: Users have the right to request that you deliver their data to them or send it to another company or provider if they so request.