News and articles about data protection in Spain

privacy shield RGPD

Fall of the privacy shield and its consequences

The Court of justice of the European Union (CJEU) issued on July 16, 2020 an important ruling with regard to the data transfer regime between the European Union (EU) and the United States of America (USA) in so-called case ‘’Facebook Ireland v Schrems’’, whereby the personal data stored and processed by the United States does not meet the level of security required by the GDPR.

By this ruling, the CJEU invalidates Decision 2016/1250 on the adequacy of the protection provided by so-called ‘’ Privacy Shield’’, which allowed the transference of data between the operators from the EU and the US abide by their data protection principles without further formalities.

despido gps

The dismissal based on the GPS of the company vehicle, does not violate the right to privacy of the worker if he is aware of its existence (STS No. 766/2020, of September 15).

The Supreme Court of Justice of Andalusia, considered in the Judgement of October19, 2017 that the use of data obtained with the use of GPS installed in a company car to initiate disciplinary proceedings for a purpose other than its own, violated fundamental rights and the dismissal had to be declared void.

Instead, the Supreme Court allowed an appeal of a company that fired a worker for using the company car while on medical leave and outside of working hours.

In order to answer this question, the Court asks whether the control goes beyond the limits of the purpose assigned to the data collection system and whether,

Plazo para adaptar tu política de cookies

31 October, the deadline for adapting the cookie policy. The expression ”continue browsing” is no longer valid

In July 2020, the Spanish Data Protection Agency (AEPD) published an updated Guide on the use of cookies, in accordance with new criteria on consent by the European Data Protection Committee.

The AEPD imposed an obligation on each website owner to adopt their cookie policies in accordance with new criteria before October 31, 2020.

Have you already made all the necessary changes?

Here is a brief summary of the modification we consider the most important.

Perhaps the most relevant novelty in the new Guide is that the ‘’continue browsing’’ mode is not a valid way to consent to downland the cookies.



Banksy is the pseudonym behind which an anonymous British artist hides. He is one of the most famous and unknown artists while at the same time he is dedicated to street art with a vindictive background.

There are many theories that try to deduce who this artist is, but none comes close to reality. Until now everyone knows that the anonymous author who appears from time to time creating street art is Banksy, but at present his anonymity is harming him and causing a very complex situation.

Some time ago, the artist claimed his work “Flower Thrower”

Brexit and the intellectual property rights protection

Brexit and the intellectual property rights protection

The Brexit deadline is planned to be the 31st January 2020 and the withdraw dial will bring a lot of changes that will affected also in the field of intellectual property, specifically on trademarks, its validity and its regulation after the UK exit from the EU.

Are Trademarks affected by Brexit?

Trademarks will effectively be affected after the Brexit, as well as the unitary effect that will cause in all EU Member States, as the EUTMs will no longer protect trademarks registered in the UK as it is exclusively a matter of the EU law,


GDPR compliance

The General Data Protection Regulation (GDPR), which is applicable from 25 May 2018 for all European Union companies that process data of European citizens, as well as for those companies established outside the European Union that process data of European citizens, in relation to an offer of products or services offered to them, or with the analysis of their behavior within the EU; and the Spanish “Ley Orgánica de Protección de Datos y garantía de los derechos digital” (LOPDGDD), which has been fully applicable since 5 December 2018 and is binding within Spanish territory.

rgpd restaurantes


Nowadays, there will still be companies which are not adapted to the new legislation. If you are not up-to-date with the General Data Protection Regulation (GDPR), you can risk fines of up to Euros 20,000,000 or 4% of the total annual income, and the competent Control Authority in Spain, the Spanish Data Protection Agency (AEPD) will opt for the highest amount. In Letslaw we can help you to be adapted to both the GDPR and the new Local Law in this respect.


How do I know if I do any data processing in my restaurant?

redaccion nuevos contratos rgpd

Drafting of Contracts under the New GDPR

Do you need the redrafting of contracts under the new GDPR? We, at Letslaw, keep our commitment to inform of how the entry into force of the new General Data Protection Regulation is affecting the drafting of new contracts.

This regulation entails many novelties and we have already talked about how to implement it and of the differences with the LOPD. Lets have a look at the new contractual developments that must take into account in the redrafting of contracts under the new GDPR.

Agreement between Controller and Processor

The new General Data Protection Regulation (hereafter,

diferencia rgpd lopd

What is the difference between GDPR and LOPD?

It is so important for your business to learn about the main differences between LOPD and GDPR as well as the latest news about the regulatory framework in data protection.

Almost everything we do in our day to day life has some effect on our privacy, even if many times we are not aware of these details. This is the main reason for the existence of a normative that regulates everything that happens with our data.

Due to the cross-border nature of the Internet a primary purpose of the GDPR is to harmonize data privacy protection regulations across the EU member nations,

Protección de datos en hoteles

Data Protection in Hotels

In order to provide their services, hotels need to collect different types of personal data from their customers. They must, therefore, take into account specific data protection regulations.

Under the new General Data Protection Regulation (GDPR), effective as of 25 May 2018, hotels may foresee and apply all measures and policies necessary to prevent any inappropriate processing of personal data of their guests, workers, etc. It is therefore of utmost importance that hotels apply correctly the GDPR before said date.

What does a Hotel need to do to comply with the Law?