Who Watches Over the Protection of Our Data? Regional, National and Supranational Entities

Introduction:

The protection of personal data has become a priority for citizens and one of the most important compliance challenges for organizations. To ensure compliance with the provisions of the different laws on the subject, several institutions supervise, regulate and sanction the improper processing of personal information.

These entities ensure compliance with regulations such as the General Data Protection Regulation (GDPR) in Europe or the Organic Law on Data Protection and Guarantee of Digital Rights (LOPDGDD) in Spain, and also offer guidance, resolve complaints and promote a culture of respect for privacy.

In this article you will learn about the main entities responsible for these tasks at regional, national and European level. You will also read about their main functions, their fields of action and their contribution to the protection of our digital rights.

At the national level

Spanish Data Protection Agency (AEPD)

It is the independent national authority in charge of ensuring compliance with data protection regulations. Its most relevant functions are:

  1. Supervision of the application of the GDPR and the LOPDGDD. It protects citizens' rights of access, rectification, limitation, opposition, deletion (“right to be forgotten”), portability and opposition to automated decision-making. It offers specific models so that individuals can easily exercise their rights before the data controller.
  2. Resolution of citizens’ complaints. Complaints to the AEPD will be made in cases where the person has addressed the organization responsible for the processing and the latter has not responded within the established period. Also when there has been a response, but the citizen considers that it is not adequate.
  3. Imposition of sanctions for infringements. The AEPD has the power to investigate and sanction public and private entities that fail to comply with data protection regulations. These sanctions range from formal warnings to significant financial fines, which in the most serious cases can reach 20 million euros or 4% of the overall annual turnover of the offending company. The agency can act ex officio or on the basis of the complaints it handles, and its resolutions will be made public in order to promote transparency and exemplarity.
  4. Promoting privacy awareness and training. The agency develops awareness campaigns, organizes conferences, collaborates with educational centers and publishes teaching materials. And each year, in its annual report, it offers a summary of the training activities carried out, including practical guides, explanatory videos and resources for minors, teachers and professionals. It has also promoted initiatives such as the priority channel for reporting the non-consensual dissemination of sensitive content on the Internet.
  5. Publication of guides, recommendations, codes of conduct and legal reports. In this way, it seeks to facilitate regulatory compliance by data controllers. Codes of conduct are sectoral self-regulatory mechanisms that allow the adaptation of regulations to specific contexts (such as health, education, marketing, etc.). They have to be approved by the AEPD and can be national or transnational in scope, and compliance with them can be monitored by accredited bodies. These mechanisms help to reinforce the principle of proactive responsibility and build user confidence.

At the regional level

There are three autonomous data protection authorities in Spain: the Basque Data Protection Authority, the Catalan Data Protection Authority and the Council for Transparency and Data Protection of Andalusia.

In the event that a complaint falls within the competence of these entities, the AEPD would transfer it to them for management and resolution.

At the European level

In Europe there are two data protection authorities: the European Data Protection Board and the European Data Protection Supervisor.

European Data Protection Board (EDPB)

Created in 2018, it is an independent body that ensures the consistent application of the GDPR across the European Union. It consists of all the national data protection authorities of the Member States and the European Data Protection Supervisor (EDPS).

Its main functions are:

  1. Ensures regulatory consistency. It ensures that the GDPR is interpreted and applied uniformly throughout the European Union. It also issues binding decisions in cases of disputes between national authorities (e.g. in cross-border processing).
  2. Issues guidelines and recommendations to help interpret key concepts of the GDPR such as consent, legitimate interest, etc.
  3. Resolves conflicts between national authorities on decisions affecting several countries (coherence mechanism and one-stop shop).
  4. Advises the European Commission by issuing opinions on legislative proposals, GDPR reforms and adequacy decisions. For example, on whether a third country provides an adequate level of data protection.
  5. Promotes cooperation and exchange of information, experiences and best practices among national authorities.

European Data Protection Supervisor (EDPS)

The EDPS is an independent supervisory authority of the European Union, whose activity began in 2004. The body was set up to ensure that the EU institutions and bodies respect the fundamental right to the protection of personal data in the performance of their duties.

Among other things, it is dedicated to:

  1. It monitors data processing by European institutions and actively participates in the development of European legislation related to data protection.
  2. It cooperates with other data protection authorities, especially as part of the European Data Protection Board (EDPB), to ensure regulatory consistency across the EU.
  3. Technology watch. Assesses the impact of new technologies (such as artificial intelligence, biometrics or digital surveillance) on fundamental rights related to data privacy.

Conclusion

Whether national or supranational, data protection institutions, such as the AEPD, EDPB and EDPS, are key to ensuring that citizens’ privacy rights are respected in a digital environment.

Their joint work ensures consistent enforcement, promotes accountability in the use of data and protects citizens against potential abuses.

In short, they are key entities for a safer and more transparent digital society.