On November 5, 2019, the Royal Decree-Law 14/2019, of October 31st, has been published in the BOE, where urgent measures are taken for reasons of public safety in the field of digital administration, procurement of the public sector and telecommunications. This ‘Royal Decree-Law’ aims to establish on the part of the State urgent measures concerning national identity documents; to the electronic identification before the public administrations; to the data that is open to the public administrations; to public procurement and to the telecommunications sector.
MODIFICATION OF LAW 39/2015, OF OCTOBER 1st, OF THE COMMON ADMINISTRATIVE PROCEDURE OF PUBLIC ADMINISTRATIONS.
In relation to electronic signatures, it is established that the interested parties may identify themselves with the Public Administrations with concerted key systems and any other system, which the Administrations consider valid in the terms and conditions established, provided that they have a previous registration as a user that allows guaranteeing his identity, with previous authorization by the General Secretariat of Digital Administration of the Ministry of Territorial Policy and Public Function.
Likewise, it establishes the obligation that the technical resources necessary for the collection, storage, processing and management of these systems are located in the territory of the European Union, and in the case of special categories of data in what is referred to in article 9th of the General Regulation on data protection, in Spanish territory.
MODIFICATION OF LAW 40/2015, OF OCTOBER 1st, OF LEGAL REGIME OF THE PUBLIC SECTOR
It is established that the information and communication systems for the collection, storage, processing and management of the electoral roll, the municipal censuses of inhabitants and other population registers, tax data related to own taxes or ceded and data of users of the national health system, as well as the corresponding personal data treatments, must be located and provided within the territory of the European Union. Also, except in cases provided by law, it is established that when the Public Administration of data transfer intends the subsequent processing of the same for a purpose that it considers compatible with the initial purpose, it must previously notify the public Administration assigning it. so that it can check this compatibility. The transferring public Administration may, within a period of ten days, objectively object. As long as the assigning Public Administration does not communicate its decision to the assignee, the assignee may not use the data for the new purpose.
MODIFICATION OF LAW 9/2017, OF NOVEMBER 8th, OF CONTRACTS OF THE PUBLIC SECTOR
It is established that in those contracts whose execution requires the transfer of data by public sector entities to the contractor, the contracting body must in any case specify in the contract file what the purpose of the Treatment of the data that must be ceded
In this sense, the pleadings must explicitly mention the obligation of the future contractor to comply with current data protection regulations.
Notwithstanding the provisions of Article 28.2 of the General Data Protection Regulation, in those contracts whose execution requires the processing by the personal data contractor on behalf of the person in charge of the processing, in addition the specifications shall state:
a) The purpose for which these data will be assigned.
b) The obligation of the future contractor to submit, in any case, to the national and European Union regulations regarding data protection, without prejudice to the provisions of the last paragraph of section 1 of article 202.
c) The obligation of the adjudicating company to present before the formalization of the contract a statement stating where the servers will be located and from where the associated services will be provided.
d) The obligation to communicate any changes that occur, throughout the life of the contract, of the information provided in the declaration referred to in point c) above.
e) The obligation of bidders to indicate in their offer, if they plan to outsource the servers or services associated with them, the name or the business profile, defined by reference to the conditions of professional or technical solvency, of the subcontractors to those who are going to entrust their accomplishment.
Finally, the ‘Royal Decree-Law’ includes a transitional regime in relation to the various modifications made.
Subscriu-te i rep cada mes novetats i notícies al teu emailEmail
Subscriu-te i rep cada mes novetats i notícies al teu email