Are legal texts and their implementation included in the development of my website?
Compliance with the regulations involves designing your processes and systems with data protection in mind. The implementation of the regulations and the creation of the necessary legal texts after studying your website and its activity, in general, are independent of the development of your website. It is a one-time payment; however, some development plans do include it. Support plans also offer the option to include revisions of the aforementioned to ensure everything is up to date.
What is the Organic Law on Data Protection and Guarantee of Digital Rights?
The new Organic Law 3/2018 on Data Protection and Guarantee of Digital Rights (LOPDGDD) was approved on December 6, 2018. This law adapts Spanish legal system to the General Data Protection Regulation (GDPR) and develops and completes its provisions. Additionally, the Law recognizes and guarantees a new set of digital rights for citizens in accordance with the mandate established in article 18.4 of the Constitution.
What is the General Data Protection Regulation (GDPR)?
The Community Regulation no. 2016/679 of April 27, 2016 (GDPR) is the most relevant standard adopted in recent years in the field of privacy. However, entities have a two-year period from the publication of the Regulation to adapt to this new standard. Specifically, it will be applicable from May 25, 2018.
Who is required to comply with these laws and regulations?
This regulation affects legal entities and individuals who are responsible for personal data, i.e., those who deal with data from customers, patients, website users, employees, suppliers, etc.
Those who must comply with LOPDGDD include: Companies, self-employed individuals, homeowner associations, associations, public bodies, website/blog owners, etc.
Exemptions include: Individuals who exclusively engage in domestic or personal activities.
How long does it take to have a website adapted to this regulation?
It depends on the complexity of the website and the activities it engages in. Typically, a minimum of 72 hours and on average approximately one week. If the development plan includes legal texts or if you contracted it during the development of your website, the website will be published when everything is correctly implemented and adapted to the regulation.
What is the procedure to follow to comply with this regulation?
First, the starting situation will be evaluated by analyzing the current data procedures. We will request the latest audit report (if any), as well as the security document.
Then, the data processing activities, the current data architecture, processes, and risk controls will be analyzed. For this, we will conduct a survey by phone or email.
Finally, the necessary measures will be implemented: Documenting and identifying data processing activities, conducting Impact Assessments if necessary, drafting the necessary documentation, developing a detailed data protection policy, as well as defining a compliance standard, implementing web design and development taking the necessary measures, and publishing the texts.
Is the cookie notice mandatory?
The cookie notice is mandatory, and it must be implemented correctly. Not just any notice will suffice. We understand that visually it may not be the most pleasant or convenient, but that's what the regulations require.
What legal texts are drafted?
The legal notice with terms of use and conditions, privacy policy, and cookie policy. In addition to including their correct design and implementation on the website, individual pages with each legal text published clearly, cleanly, and concisely are also included.
Can I hire another company or can you use what we already have?
No problem at all. If you prefer to hire another company to draft your legal texts or if you already have them, whether for website maintenance if it already exists or for a new project, we will continue to implement what is necessary in design and development to ensure everything is correct. Therefore, obviously, we would not charge for the drafting of the texts, only their implementation.