CONFIALIS IS A PIONEER IN SPAIN, ESTABLISHING AGREEMENTS FOR THE SALE OF TECHNOLOGICAL AND KNOWLEDGE PROCESSES RELATING TO DATA PROTECTION IN OTHER COUNTRIES OF THE EUROPEAN UNION

The European Union has sought to guarantee the protection of individuals with regard to the processing of personal data and the free movement of personal data, making use of the Directive 95/46/EC of October 24, 1995.

Every country of the Union has transposed this Directive, along with Convention 108 of the Council of Europe for the Protection of Individuals, into their legal codes, and created their own national Data Protection Agencies. The goal is to promulgate the basic principles of Quality, Purpose, Information, Consent, Access, Communication and Security of the Data.

This Regulation establishes a form of authority that is independent of supervision, called the European Data Protection Supervisor, responsible for monitoring the processing of personal data by the Community institutions and bodies. Besides, each institution has a Data Protection Officer who cooperates with the EDPS and, in particular, notifies him of certain sensitive data processing operations, such as those relating to health matters and evaluation of staff. Moreover, the European Council has created the Joint Supervisory Body (JSB), in order to control police data and the movement of said data between the different member states.

Some states such as Germany have adopted data protection laws that are stricter than the Directive. Others, such as Finland, have laws that are not so strict in certain aspects, like notification requirements. The rules that regulate the transferring of personal data outside the European Union may vary depending on the State where they originate from, such as the Netherlands, where a special permit is required for the movement of data between countries. The penalties for infringing the law vary substantially from one country to another.

International Operations

Data Protection is not only a problem for companies that operate in Europe, but also for non-European companies with clients or suppliers in Europe; and, in short, it is a new challenge for Companies, Organisations and Professionals.

Data protection issues affect each organisation that gathers personal information about employees, clients or suppliers that are located in any country with data protection legislation. Since such legislation presently exists in over forty countries throughout the world; including a large part of Europe, Hong Kong, Australia, Canada and several south American countries, if you are doing business abroad or have operations overseas, your organisation will probably be affected.

If you are doing business in countries that have data protection laws, your colleagues in that country are probably not going to be able to send you personal information, such as client information, unless they can contractually guarantee a sufficiently high level of protection for that information. If the organisation sends the information without obtaining any guarantee, they could face penalties in their own country for breaking the law.

It could not be any other way, in a globalised society. Consumers and employees are increasingly more aware of their rights about data protection and privacy. Consequently, individuals have a greater expectation that any organization that they disclose their data to will only use such information in a way that respects their right to privacy.

Council of Europe

Convention for the Protection of Individuals with regard to the Automatic Processing of Personal Data (ETS No 108)

This Convention was open for signature on January 28, 1981, and it was the first legally binding international instrument in the data protection field. Under this Convention the Parties are required to take the necessary steps in their domestic legislation to apply the principles on which it is founded. The goal was no less than ensuring respect in their territory for the fundamental human rights of all individuals with regard to processing of their personal data.

The Additional Protocol, which opened for signature on November 8, 2001, requires the countries to set up supervisory authorities, exercising their functions with complete independence, which are an element of the effective protection of individuals with respect to the processing of personal data.

Services

Starting from the point of the existing form of control of the European Commission, the European Data Protection Supervisor, the Council of Europe, the different Member States with their Regulatory Agencies, the Association Agreements of the Spanish Data Protection Agency with Latin America, the OECD and the United Nations. Special importance is placed on carrying out the proper form of processing of the information that is transferred to other countries by any means, whether via Internet, telephone, fax, letters, etc.

We can provide you with advice on all matters affecting these transactions, undertaking the bureaucratic administration necessary for you to comply with the European directives and the laws of the countries that you are going to have dealings with. This applies both in your own countries and in those that are the destination or the source of the information. Furthermore, we will create your Security Plan, Security Policies and the Protocols for you that are suited to the laws in force in your country. In the Adaptation Plan, we will pay particular attention to the rights of individuals arising under the protection of the legislation of their countries, always with the objective of the Protection of Human Rights proposed by the European Directives and International Law.