That is why citizens must be more aware than ever of the rights and obligations concerning personal information. The Spanish Data Protection Agency (AEPD)<\/a> is working hard to raise awareness of this issue, a task that is worth highlighting.<\/p>\r\n\r\n\r\n\r\n\r\n\r\n In this article we will discuss the rights and obligations that affect us in this matter and that are included in the current legislation.<\/p>\r\n\r\n\r\n\r\n At the European Union level, the regulation on personal data is a matter of the General Data Protection Regulation (GDPR)<\/a>. Adopted in 2016 and mandatory since 2018, this regulation is made to homogenize the regulations of the different member countries in terms of data protection.<\/p>\r\n\r\n\r\n\r\n It sets out the rights and obligations that we will discuss below, and one of its main objectives is to streamline the process by eliminating the associated bureaucratic barriers.<\/p>\r\n\r\n\r\n\r\n When some of the personal data is collected through different ways, such as web forms, on paper, by telephone or through an application, the person who owns such data must be duly informed of this fact.<\/p>\r\n\r\n\r\n\r\n In the event that the delivery of data is done directly, the notification will be prior to shipment, while if it is done through third parties through a legal transfer, there will be a set deadline. Such notification may be made by ordinary mail, electronic means or notifications within an app.<\/p>\r\n\r\n\r\n\r\n This includes the right to communicate with whoever is processing your data. Thanks to it you can demand to know what is being done with them and for what purpose, to whom they have been sent, until when they can have them, request changes or deletions, make a claim or know where they have been obtained in the case of a transfer by a third party.<\/p>\r\n\r\n\r\n\r\n It may happen that the personal information we provide contains errors or is incomplete. For this reason, we may at any time ask you to modify it in order to correct such errors or to complete the information that requires it.<\/p>\r\n\r\n\r\n\r\n It may be necessary to attach documentation verifying the plausibility of such changes.<\/p>\r\n\r\n\r\n\r\n It is possible to refuse data processing, whether it is carried out for public interest purposes, subject to exceptions that must be duly justified by the data controller, or for marketing purposes.<\/p>\r\n\r\n\r\n\r\n It may be one of the best known by the vast majority of the population. It deals with the deletion of personal data. In order for it to materialize, some requirements must be met.<\/p>\r\n\r\n\r\n\r\n Among these premises, we can highlight that this information is being used illegitimately, for a purpose that does not coincide with the original one, if it is required by any legal provision or if the aforementioned right of opposition has been exercised.<\/p>\r\n\r\n\r\n\r\n With it, the use of the personal data provided can be restricted to a certain extent. There are two possible options, to request the suspension of the data or to request its conservation.<\/p>\r\n\r\n\r\n\r\n This right facilitates the transfer of data between data controllers. This ensures that they are interoperable, reusable and machine-readable because they are in a properly structured format.<\/p>\r\n\r\n\r\n\r\n In other words, as a general rule, no decision that legally or negatively affects the person who owns the personal data may be taken solely on the basis of the study of this information.<\/p>\r\n\r\n\r\n\r\n Once we know our rights, we must also know the obligations that data controllers must comply with. These obligations are based on a series of relative principles that we will describe next to these obligations.<\/p>\r\n\r\n\r\n\r\n It protects data from unlawful processing or processing for malicious purposes. This ensures that personal data falls under the protective umbrella of the GDPR.<\/p>\r\n\r\n\r\n\r\n The data must be collected and processed on the basis of a specific purpose, without forgetting, of course, that this purpose must be covered by the law in force.<\/p>\r\n\r\n\r\n\r\n We will only work with the information that is strictly necessary to achieve the objectives set, so no additional data will be made available without justification.<\/p>\r\n\r\n\r\n\r\n The data must be accurate and up to date. Appropriate steps must be taken to correct errors or update the data.<\/p>\r\n\r\n\r\n\r\n Personal data must be kept as long as they can be useful for the fulfillment of the purpose for which they were collected. Once this time has elapsed, they should be deleted or action should be taken to ensure that the owners cannot be identified through them.<\/p>\r\n\r\n\r\n\r\n Appropriate technical and other measures shall be implemented to prevent unlawful processing, damage, loss or destruction of personal data.<\/p>\r\n\r\n\r\n\r\n According to it, data controllers must take measures such as risk analysis, communication of security breaches or a register with all the processing received by these data.<\/p>\r\n\r\n\r\n\r\n Appropriate technical and organizational measures must be taken to ensure that the data is adequately protected against theft, loss or alteration of any kind.<\/p>\r\n\r\n\r\n\r\n As we can deduce, these measures are closely linked to many of the relative principles just described.<\/p>\r\n\r\n\r\n\r\n Some of the most common and undisputed security measures are:<\/p>\r\n\r\n\r\n\r\n It is important to highlight that there are some types of personal data that require special mention, and that the GDPR<\/a> expressly prohibits, with some exceptions, their processing. These special data are classified as:<\/p>\r\n\r\n\r\n\r\n The RGPD has meant a great advance in terms of personal data rights and obligations. From Viafirma we have a high level of commitment with this regulation, having it constantly present in the development of our solutions, as it is the case of Viafirma Documents.<\/a><\/p>\r\n\r\n\r\n\r\n For example, one of the most interesting aspects of Viafirma Documents in terms of personal data is the creation of mandatory reading clauses for all types of documents, providing legal certainty and peace of mind to all parties involved. Another application we can mention is the document management of the informed consent<\/a> for health treatments or research in laboratories<\/a>.<\/p>\r\n\r\n\r\n\r\n As we have seen, the protection of something as sensitive as personal data is of great concern to the authorities and, consequently, to companies and institutions. This is why we will remain up to date on a subject on which we all need to be fully informed.<\/p>\r\nThe GDPR and your personal data rights<\/h2>\r\n\r\n\r\n\r\n
Rights<\/h2>\r\n\r\n\r\n\r\n
Transparency: your right to information<\/h3>\r\n\r\n\r\n\r\n
Of access<\/h3>\r\n\r\n\r\n\r\n
To rectification<\/h3>\r\n\r\n\r\n\r\n
Of opposition<\/h3>\r\n\r\n\r\n\r\n
To oblivion<\/h3>\r\n\r\n\r\n\r\n
To the limitation of the processing of your data<\/h3>\r\n\r\n\r\n\r\n
To the portability of your data<\/h3>\r\n\r\n\r\n\r\n
Not to be subject to individualized decisions<\/h3>\r\n\r\n\r\n\r\n
![\"RGPD](\"https:\/\/www.viafirma.com\/wp-content\/uploads\/2019\/11\/RGPD-y-datos-personales-1-1024x678.jpg\")
<\/figure>\r\n\r\n\r\n\r\nObliations<\/h2>\r\n\r\n\r\n\r\n
Relative principles<\/h3>\r\n\r\n\r\n\r\n
Fairness, loyalty and transparency<\/h4>\r\n\r\n\r\n\r\n
Purpose limitation<\/h4>\r\n\r\n\r\n\r\n
Data minimization<\/h4>\r\n\r\n\r\n\r\n
Accuracy<\/h4>\r\n\r\n\r\n\r\n
Conservation period<\/h4>\r\n\r\n\r\n\r\n
Integrity and security<\/h4>\r\n\r\n\r\n\r\n
Proactive responsibility<\/h4>\r\n\r\n\r\n\r\n
Security<\/h3>\r\n\r\n\r\n\r\n
\r\n
Special categories of data<\/h3>\r\n\r\n\r\n\r\n
\r\n
![\"work](\"https:\/\/www.viafirma.com\/wp-content\/uploads\/2019\/09\/firma-digital-2-1024x682.jpg-768x512.webp\")
<\/div><\/a>![\"Contrato](\"https:\/\/www.viafirma.com\/wp-content\/uploads\/2018\/04\/blog_contrado_sanidad-768x475.webp\")
<\/div><\/a>