It incorporates the interpretative criteria of:
The COVID-19’s sanitary crisis and the pandemia’s fast spread evolution has given place to the state of alarm by means of the Royal Decree 463/2020, of March 14th.
The state of alarm is one of the three states of emergency foreseen at the article 116 of the Spanish Constitution, together with the state of exception and the state of siege. This regulation is included in the Organic Law 4/1981, of June 1st.
According to the article 4.b) of the Organic Law 4/1981, of June 1st, the Government can declare the state of alarm across the entire or part of the national territory, when it is produces a severe alteration of the normality owed to sanitary crisis such the epidemics.
The Royal Decree 463/2020, of March 14th, establishes the adoption of several procedures with an initial length of 15 natural days that has been already lengthened by the Government until the 00:00 of the day 12th of April by regulations of the RoyalDecree 476/2020, of March 27th.
One of the areas that this adoption has impact is the public administration for what the Royal Decree foresees the suspension and stoppage of the terms for the processing of the procedures of the entities of the public sector.
The computation will restart at the moment that miss force the Royal Decree or its extensions.
El Reial decret considera entitats del sector públic les següents:
The Royal decree considers a public sector entity the following ones:
a) Any public organism and entity of public right public linked to the public administration.
b) Private right entities linked to the public administration.
c) Public universities.
The article 33 GDPR foresees a term of 72 hours for the notification to controller authority of security violations or leaks of personal data that constitute a risk for the rightss and the liberties of the people. If the notification is not produced in a term of 72 hours, it has to detail the reason of delay.
The Data Protectoin Spanish Agency released a communication on April the 2nd considering the suspension of terms foreseen in the third additional willingness of the Royal Decree 463/2020 does not affect at the debenture to notify the rapes of security that affect at personal data. Of chord with this, the managers and attendants of treatment, at fulfillment of the article 33 RGPD, are obliged to notify at the authority of control at the term of 72 hours, the rapes of security of the personal data that constitute a risk for the royalties and the liberties of the physical persons, without damage that at case of not having at this term of all the necessary information, can later magnify it by means of an additional notification.
Likewise, the managers have to take the necessary sizes that are necessary to eschew grave damages at the royalties and liberties of the persons affected by the violation, including, if escau, the communication of a rape of the security of the personal data at the interested foreseen at the article 34 RGPD, when the rape suppose a tall risk for the royalties and liberties of the interested.
AEPD. (2020). [Online]: Notificación de brechas de seguridad de los datos personales durante el estado de alarma. Extret el 7 d’abril de 2020 de https://www.aepd.es/es/prensa-y-comunicacion/blog/notificacion-de-brechas-deseguridad-de-los-datos-personales-durante-el
Departament de la Presidència. (2020). [Online]: Instruccions i informes jurídics en relació a la situació generada pel COVID-19. Extret el 7 d’abril de 2020 de https://presidencia.gencat.cat/ca/ambits_d_actuacio/organsconsultius/gabinet_juridic/instruccions-i-informes-juridics-covid-19/
Subscriu-te i rep cada mes novetats i notícies al teu emailEmail
Subscriu-te i rep cada mes novetats i notícies al teu email