We recently came across this article on Sollutia's blog: ¿Por qué una web debe cumplir la legalidad online? We were surprised by how important this issue is, both legally and financially (what figures!), but what bothered us most was the link they draw between it and the customer's trust in a website.
So we set about digging and delving into the "legalistic" depths of all this. It's been hard, but here we bring you the first part of what we hope is a blogtastic adventure.
This post is really an introduction and a complement to the Sollutia blog article: here we add something extra on why we (companies) should care about online responsibility, that is, why we should be legally responsible online (not forgetting the financial fines).
On the one hand, any website processes user data (personal data according to article 4.1 of the GDPR), either through the famous cookies or through something as basic as a contact form (the simple fact of requesting an email address in order to reply means holding a piece of the user's personal data, because he/she can be identified by it). Hence the obligation, as the party responsible for the processing* of this data, to inform users about what is done with it (chapter IV of the GDPR). This is the so-called principle of transparency (we recommend keeping it in mind for future instalments).
On the other hand, as Sollutia already told us, there are a couple of quite important texts on this obligation that should not be neglected: the LOPD (now LOPDGDD)** and the GDPR***. While the latter replaced the former in May 2018, we should not forget the guidelines set by the law, as the GDPR broadens them; in addition, the LOPDGDD consolidates the above in the regulation. This justifies the importance of complying with this obligation or duty to inform: the law is the law (even if it is called a regulation, it is an applicable rule). Not to mention the penalties involved in non-compliance: between 10 and 20 million, according to article 83 GDPR.
And that is it for the first instalment of the fascinating fascicles on online responsibility. We hope you found it interesting and want to know more.
*«Processing»: "any operation or set of operations carried out on personal data or sets of personal data, whether by automated procedures or not, such as collection, registration, organisation, structuring, storage, adaptation or modification, extraction, consultation, use, communication by transmission, dissemination or any other form of access enablement, matching or interconnection, limitation, deletion or destruction". Text extracted from article 4 GDPR.
**LOPD / LOPDGDD: Organic Law 3/2018, of 5 December, on the Protection of Personal Data and the guarantee of digital rights.
***GDPR: Regulation (EU) 2016/679 of the European Parliament and of the Council, of 27 April 2016, on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC (General Data Protection Regulation).
ALERT: This article has been translated with automatic translation software so it may contain errors and inaccuracies. You can read the original article in this link: La Responsabilidad online: Introducción