The Government approves the Royal Decree-Law 5/2018, of July 27th, without waiting for the coming into force of the new data protection organic law

Yesterday, July 31^st, 2018, the new Royal Decree-Law 5/2018, of July 27^th, came into force. This norm, with legal force and composed of three chapters, has been adopted due to the urgency of adapting the national legal system to certain issues foreseen in the EU Regulation 2016/679 on Data Protection (“RGDP”), the latter without prejudice of the organic law that is currently pending parliamentary processing.

The first chapter of the Royal Decree-Law is dedicated to the data protection inspection, for which, among other issues as the scope of the activity and the applicable regulations in case of collaboration with other Member State control authorities, identifies the officials of the Data Protection Spanish Agency and the officials expressly appointed by the director of the latter as the ones responsible and competent to carry out this task.

The second chapter refers to the penalty system. Thus, the old infractions contained in the Organic Law 15/1999 are replaced by those of the RGDP, the infringing subjects are listed, and the prescription terms and applicable sanctions are specified, and all according to the new European regulation.

Finally, the third chapter ensures the correct application of the new and special proceedings which need to be followed in case of a RGDP violation, for which the Spanish Royal Decree-Law distinguishes between three different proceedings depending on the treatment at stake: cross-border treatment, cross-border treatment with local relevance in a Member State, and national treatment.

The new Royal Decree-Law will be effective until the approval and publication of the future organic law, which will finish to set and adapt the national legal system to the European Regulation on Data Protection.