We often assume that compliance with data protection regulations is unnecessary for our business, or that the measures we already have in place are sufficient.

However, have you ever considered, for example, what might happen if one of your customers complains because they haven’t been properly informed about how their personal data is being used? Do you know how to inform them correctly? What if they request to exercise a right, such as accessing their data? Do you know what actions to take?

Or, what would happen if an employee shares your customers’ data without their consent? Are you confident that these aspects are properly regulated within your company?

Below are a series of questions we recommend you consider in the day-to-day operation of your business, to ensure compliance with the relevant regulations.

Remember that penalties for non-compliance can range from 2% to 4% of your turnover – which is no small amount!

Key considerations:

• When issuing an employment contract, do you provide your employee with a clause that properly informs them about how their data will be used, and whether you carry out processing activities such as access registration, time recording, biometric controls, or the processing of their image via CCTV?

• Along with the employment contract, do you also provide details on the IT resources you supply, informing employees that these belong to the company and that they must follow good data protection practices?

• Do you work with suppliers who have access to your employees’ or your customers’ data? Are you aware that you must follow specific guidelines when contracting or collaborating with these suppliers to ensure compliance with the law?

• Does your website comply with data protection regulations? Do you clearly inform users about how their data will be used, and do you provide clear information about the use of cookies?

• Did you know that if you use more disruptive technologies within your business, such as customised platforms or online solutions, you may need to audit these platforms, depending on the nature of your operations, to ensure they comply with certain privacy and security standards?

If you’re unsure about how to implement these measures within your company, feel free to contact us. Our Technology, Media and Telecommunications, and Data Protection Department team is ready to assist you with all of these matters. Get in touch with AGM Abogados.

Vanessa Alarcón Caparrós

Partner