What is the LOPD and RGPD? - Is your website compliant?


If you have a website, or are thinking about having one, you should be aware of the regulations on data handling. Websites use information about their visitors for different reasons, and for that very reason they must meet certain legal requirements.

Today there are supranational rules, such as the GDPR (RGPD in Spanish), that protect the confidentiality of users' personal data. In addition, some countries have their own laws that make sure privacy policies on websites are actually complied with. To find out whether your website complies with the LOPD and the RGPD, read on.

What is the RGPD and the LOPD? 

In 2016 the European Union adopted the General Data Protection Regulation, known by the acronym GDPR (RGPD in Spanish). It did not become applicable until 25 May 2018, which is when it started to be enforced. Its aim is to protect the personal data of people in the EU by requiring organisations to implement protective measures.

For its part, the LOPD is Spain's Organic Law on Data Protection, in force since 1999. This law also seeks to guarantee the protection of citizens' personal information.

In December 2018 Spain replaced the 1999 LOPD with a new organic law (Ley Orgánica 3/2018, the LOPDGDD) that adapts national law to the requirements of the GDPR. The reason is that the GDPR is an EU regulation: it is directly applicable in every Member State and ranks above national law. Spanish provisions therefore remain in force only as far as they do not contradict what the RGPD states.

Does my website have to comply with the RGPD and the LOPD?

A website must comply with the provisions of the RGPD and the LOPD if it handles the personal data of its users. Personal data is any information that identifies, or can be used to identify, a person: a name or an e-mail address, but also an IP address or a cookie identifier.

It is important to clarify that these laws are not aimed at websites as such, but at the legal entities or individuals behind them. So it is not strictly your website that must comply with the regulation, but your company or institution.

That is, whether you have a website or not, if you receive any personal information you must process it lawfully. A business or a non-profit organisation, for example, must comply with these laws simply because it handles data about its employees.

If you are not acting for a company or institution, you are classified as a "natural person". You must still comply with the LOPD and the RGPD if you handle other people's data outside a purely personal or household activity. For example, a personal blog must comply with these laws if it has a comments section in which the people commenting are identified.

Another important factor is the regulation's territorial scope. The GDPR applies not only to organisations established in the European Union but also to those outside it that offer goods or services to people in the EU or monitor their behaviour. Companies that are not in Europe but handle EU residents' data are therefore subject to the GDPR.

What does the RGPD and the LOPD seek?


The objective of these regulations is to protect the personal information of individuals. To this end, the LOPD and RGPD control how companies handle their customers' data. Some of the protection measures they promote are the following:

Ensuring consent

One of the principles of these regulations is that users must consent before their data is collected. Consent is the lawful basis websites most often rely on, but it is one of several the GDPR allows (performance of a contract and compliance with a legal obligation are others). Where the company relies on consent, it must ask the user whether they agree to their information being collected, and the answer must be given freely, by a clear affirmative action; silence or inactivity does not count.

Informing users

Another priority of the LOPD and RGPD is that users are told what will be done with their data. This explanation must be provided before the user gives consent, so that at the moment of deciding the person knows whether or not it is in their interest to hand over their information.

Respect the reversibility of the decision 

Users must be able to reverse their decision. Regardless of whether a user agreed to have their data used, if they change their mind they can withdraw the permission at any time, and doing so must be as easy as giving it was.

Maintaining data protection 

According to the LOPD and RGPD, control over personal data must be maintained at all times. To this end, the regulations stipulate that a "Data Processing Agreement" must be in place, and its obligations must be carried through the whole chain of recipients of the personal data.

To comply with such an agreement, certain responsibilities must be assigned in writing to the party that provides the data and the party that receives it. Whoever decides why and how the information is used holds the legal role of "Data Controller". Whoever receives the information and processes it on the controller's behalf is the "Data Processor".

For example, if you use an e-mail marketing service and pass your users' data to it, you are the "Data Controller" and the e-mail marketing company is the "Data Processor". This is established legally between the two parties in the "Data Processing Agreement".

How can I comply with the LOPD and the RGPD on my website?

Websites must follow certain protocols to ensure that users' rights over their information are respected. The provisions these laws make mandatory can be added to the site with ordinary web design and development tools.

Here are some of the requirements that your website must meet in order to be up to date with the LOPD and RGPD:

Confirmation checkbox

As already mentioned, the user must give explicit permission for their data to be handled. On web pages this is implemented with a confirmation checkbox.

This checkbox must not be pre-ticked, because that would steer the visitor's decision. Nor can consent be replaced by a notice saying that continuing to browse the site counts as acceptance. The options should be shown as soon as the user enters the page, and no non-essential cookie or tracking script should be loaded until the user has actually accepted.

A suitable example of such a checkbox is the one shown on many pages for the user to accept or reject cookies.
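The following is an added example, not code from the original article or from Geekobit: a minimal consent manager that encodes the rules described above and in the "Ensuring consent" and "Respect the reversibility of the decision" sections. Nothing non-essential runs before an explicit click on the banner, the checkboxes start unticked, scrolling or continuing to browse is not treated as acceptance, and withdrawal is a single call that also removes the cookies set under the old consent. The cookie jar, the two "tracking scripts" and the category names are constructed in-memory stand-ins so the file runs under Node.js without a browser.

```javascript
// Added example (not from the original article): consent gating for non-essential
// scripts. Category names, script names and cookie names are hypothetical.

const NON_ESSENTIAL = ["analytics", "marketing"];

// Stand-in for document.cookie: an insertion-ordered name -> value map.
class CookieJar {
  constructor() { this.store = new Map(); }
  set(name, value) { this.store.set(name, value); }
  get(name) { return this.store.get(name); }
  delete(name) { this.store.delete(name); }
  names() { return [...this.store.keys()]; }
}

class ConsentManager {
  constructor(jar) {
    this.jar = jar;
    this.scripts = []; // { name, category, cookieNames, run, ran }
  }

  // Banner as first rendered: no category is pre-ticked.
  bannerState() {
    return NON_ESSENTIAL.map((category) => ({ category, checked: false }));
  }

  // The stored record is the only evidence of a decision. A missing or
  // malformed record means "not decided, nothing allowed", never "opted in".
  current() {
    const raw = this.jar.get("consent");
    if (!raw) return { decided: false, categories: [] };
    try {
      const rec = JSON.parse(raw);
      if (rec.decided !== true || !Array.isArray(rec.categories)) throw new Error("bad record");
      return { decided: true, categories: rec.categories.filter((c) => NON_ESSENTIAL.includes(c)) };
    } catch (_err) {
      return { decided: false, categories: [] };
    }
  }

  bannerNeeded() { return !this.current().decided; }

  allowed(category) { return this.current().categories.includes(category); }

  // Non-essential scripts are registered, not executed; each runs only once
  // its category has been allowed by a recorded decision.
  register(name, category, cookieNames, run) {
    this.scripts.push({ name, category, cookieNames, run, ran: false });
    this.flush();
  }

  flush() {
    for (const s of this.scripts) {
      if (!s.ran && this.allowed(s.category)) { s.run(this.jar); s.ran = true; }
    }
  }

  // Only a deliberate click on the banner counts. Scrolling or navigating is
  // rejected, and an empty selection is recorded as a refusal, not an opt-in.
  decide(action, ticked) {
    if (action !== "click") return false;
    const categories = ticked.filter((c) => NON_ESSENTIAL.includes(c));
    this.jar.set("consent", JSON.stringify({ decided: true, categories, at: new Date().toISOString() }));
    this.flush();
    return true;
  }

  // Withdrawal is one call: the record becomes a refusal and every cookie set
  // by a script that ran under the old consent is deleted.
  withdraw() {
    for (const s of this.scripts) {
      if (s.ran) { s.cookieNames.forEach((n) => this.jar.delete(n)); s.ran = false; }
    }
    this.jar.set("consent", JSON.stringify({ decided: true, categories: [], at: new Date().toISOString() }));
  }

  executedScripts() { return this.scripts.filter((s) => s.ran).map((s) => s.name); }
}

// Walk through one visit (arrive, scroll, click, withdraw) and return the
// observable state at each step so it can be checked without a browser.
function demo() {
  const jar = new CookieJar();
  const cm = new ConsentManager(jar);
  // Constructed stand-ins for third-party tags that drop identifying cookies.
  cm.register("analytics-tag", "analytics", ["_an_id"], (j) => j.set("_an_id", "visitor-123"));
  cm.register("ads-pixel", "marketing", ["_ad_id"], (j) => j.set("_ad_id", "pixel-456"));

  const onArrival = { banner: cm.bannerNeeded(), cookies: jar.names(), ran: cm.executedScripts() };
  cm.decide("scroll", ["analytics", "marketing"]); // browsing on is not consent
  const afterScroll = { banner: cm.bannerNeeded(), cookies: jar.names(), ran: cm.executedScripts() };
  cm.decide("click", ["analytics"]);               // explicit opt-in, analytics only
  const afterClick = { banner: cm.bannerNeeded(), cookies: jar.names(), ran: cm.executedScripts() };
  cm.withdraw();
  const afterWithdraw = { banner: cm.bannerNeeded(), cookies: jar.names(), ran: cm.executedScripts() };
  return { onArrival, afterScroll, afterClick, afterWithdraw };
}

console.log(JSON.stringify(demo(), null, 2));
```

In a real page the `run` callbacks would inject the third-party `<script>` tags and `CookieJar` would be replaced by `document.cookie` (with the right `Domain` and `Path` so deletion actually works); the point the example makes is structural: the only path that lets a non-essential script execute goes through `decide("click", ...)`, and `withdraw()` is exactly as cheap to call as accepting was.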

Providing information to the user

It is essential to inform users about their privacy rights and about the use that will be made of their data. The information must be available both before and after the user decides whether or not to disclose it.

On different portals you can find texts that pursue these goals and can serve as a model. However, this kind of document depends on each website, because it must contain information specific to the company.

For example, the privacy policy usually lists the third-party services the site uses that may receive user data. Naming the hosting provider is part of what is usually reported.

Maintain Data Processing Agreements

You must sign a "Data Processing Agreement" with every company linked to yours that processes this kind of information on your behalf (hosting, e-mail marketing, analytics). It is therefore advisable to choose services that also follow the provisions of the LOPD and RGPD.

It is also important to follow the procedures these laws stipulate for the transfer of information. For this the site must be served over HTTPS with a valid TLS certificate (still commonly called an "SSL certificate"), with plain HTTP redirected to HTTPS, so that the data exchanged with users is encrypted in transit.

Making sure your website complies with the LOPD and RGPD will save you from paying large fines. If you want professional advice, at Geekobit we can help you.
