FAQ Data Protection

If the file manager is not established in Spain, he must comply with the obligations of the Data Protection Law if, pursuant to the regulations of Public International Law, a treaty with the country of origin of the file manager states that said laws must be complied with. If no such treaty exists, he would have to comply with the obligations of the Data Protection Law if he uses data processing methods located in Spain, providing these are not being used merely for transit purposes.

If the personal agenda strictly refers to personal or domestic activities, the law would not be applicable however, if it concerns and individual who keeps an agenda with information regarding third parties and this is used for business purposes, then the law would be applicable.

The data protection law does not apply to people who have passed away, however, the treatment of data of persons who have died may be, depending on each specific case, a violation of the quality of the data; notwithstanding that the incorrect treatment of this information could breach Organic Law 1/1982 of 5 May on civil protection of the right to honour, personal and family privacy and image or could lead to other civil or criminal liabilities. The data protection law does not apply to people who have passed away, however, the treatment of data of persons who have died may be, depending on each specific case, a violation of the quality of the data; notwithstanding that the incorrect treatment of this information could breach Organic Law 1/1982 of 5 May on civil protection of the right to honour, personal and family privacy and image or could lead to other civil or criminal liabilities.

Article 3 of the Data Protection Law defines a file as any structured set of personal data however they are created, stored, organized and accessed.

During the normal working day of any organization we can come across a number of physical files (such as: expenses, personnel, payslips, sick notes...) that have the same purpose (human resource management) therefore becoming one sole logical file according to the definition of the Organic Law of Personal Data Protection.

The security manager is a role created by the Regulations for Security Measures and is aimed at coordinating and controlling the measures defined in the security document.

The security manager is not personally responsible in any case for the infringements of the file manager; he shall only be responsible for his own acts if these result in other civil or criminal liabilities.