Lawyers with expertise in Data Protection

Defense against sanctioning procedures

The entry into force of the European Data Protection Regulation (GDPR), as well as the Organic Law on data protection and guarantee of digital rights (LOPDGDD), entails significant changes in sanctioning matters.

Creation of supervisory authorities. Spanish Data Protection Agency

To ensure compliance with the regulations, control authorities are created in each EU Member State, in the case of Spain: The Spanish Data Protection Agency (AEPD).

These are public law entities responsible, among other multiple functions, for exercising the power to impose penalties in matters of data protection, as well as for dealing with complaints lodged by data subjects or organizations.

Thus, in the event of any breach of data protection regulations, the right to appeal to the supervisory authority is recognized.

Increased sanctions

Failure to comply with data protection regulations entails penalties and fines of up to 20 million euros or 4% of the previous turnover.

Navas Cusí has a team of lawyers who are experts in advising and assisting both companies and individuals in all sanctioning proceedings regarding data protection. It offers the following services:

• Legal defense and representation at all stages of the sanctioning procedure
• Legal assistance against sanctions by the supervisory authority.
• Response to injunctions.
• Advice on exercising rights of access, rectification, cancellation, or opposition.
• Preparation and presentation of appeals.
• Claiming compensation for infringements by third parties.
• Legal assistance in inspection processes by the supervisory authority (AEPD)

International transfers

In the globalized world in which we find ourselves, international data flows are becoming increasingly frequent, so much so that European data protection legislation (GDPR) includes in its Title V the regulation of this type of activity, establishing a complex system of mechanisms for cross-border data processing.

European legislation defines international transfers as any flow of personal data from Europe to recipients established outside the European Economic Area. Thus, when we make an Internet purchase, communicate data, transfer or order a service from an entity or person outside the European Union or outside Iceland, Liechtenstein, or Norway, in these cases, we are carrying out an international transfer of personal data.

For this reason, European legislation, with the aim of safeguarding the privacy and fundamental rights of individuals, establishes legal limits, mandatory requirements, and different ways to proceed with international data transfers.

Thus, in order to ensure that transfers are carried out with the highest degree of security and in compliance with European regulations, Navas & Cusí Abogados offers the following services:

• Advice on how to carry out international data transfers.
• Drafting of reports for international data transfers.
• Advice on data transfers with countries outside the European Union and on the international panorama.
• Stipulation of contractual clauses.
• Advice on how to carry out transfers with guarantees.
• Applications for authorization to the Spanish Data Protection Agency (AEPD).
• Drafting of binding corporate rules (BCR).
• Drafting of consent clauses
• Standard data protection clauses adopted by a supervisory authority and endorsed by the Commission
• Binding codes of conduct and commitments.