The regulation of data protection in the European Union and in Spain: evolution and current framework

Abstract

The right to data protection has been in constant development, and so its regulations. Driven thus by the new technologies and new ways of putting our personal data at risk, an attempt was made to create a legal framework for data protection with such regulations as the 1981 Council of Europe Convention or the Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 (Data Protection Directive), among others. There are currently two regulations that mainly regulate this right: Regulation (EU) 2016/679, of the European Parliament and of the Council, of 27 April 2016, on the General Data Protection Regulation (GDPR), in the European Union, and Organic Law 3/2018, of 5 December, on the Protection of Personal Data and Guarantee of Digital Rights, in Spain. These two regulations are intended to provide this right with content, and have built a new legal regime in relation to data protection: novelties such as new data subject rights, Data Protection Officer (DPO), more principles (v. gr. transparency, purpose limitation, data minimisation), privacy by design & by default, data protection impact assessment (DPIA), etc.