Spain approves GDPR-style law but not yet in force

Spain’s Senate approved last week the law that will complement the GDPR. The text of the law has not yet been published. The adoption of the law has been delayed because, among other reasons, Spain’s legislature took the opportunity to add provisions that guarantee citizens’ 'digital rights'.

In general terms, the law closely follows the GDPR. Rafael García Del Poyo, Partner at Osborne Clarke in Spain told PL&B that as the national law must avoid derogations or overlaps with the GDPR, subsequent interpretation will be made by Spain’s DPA, as it is in their practical 'case law' where the national laws of the various Member States may differ.

Spain’s new Data Protection Act is expected to enter into force soon. As a consequence of the GDPR's direct applicability, those provisions of the former Spanish Data Protection Law of 1999 that were incompatible with the EU Regulation no longer apply. The new law will also repeal Royal Law-Decree 5/2018, of 27 July, which included urgent measures to adapt Spanish law to the EU legislation on some aspects of the sanctioning procedure for GDPR infringements.

Read Rafael García Del Poyo’s article on the new law in the December edition of Privacy Laws & Business International Report.