Private Access
Private Access
Private Access

Legal Department

LOPD GDD

Legal Department

LOPD GDD

Our experience allows us to know and understand how they work.

What is the LOPD GDD?

LOPD GDD – Organic Law on Data Protection

The LOPD LOPD GDD, or Organic Law on the Protection of Personal Data, was a Spanish regulation designed to protect the fundamental rights of natural persons, especially their honor and personal and family privacy, in relation to the processing of their personal data.

Although this law has been replaced by the LOPDGDD (Organic Law on the Protection of Personal Data and Guarantee of Digital Rights), which aligns with the European Union’s General Data Protection Regulation (GDPR), the basic principles of data protection remain relevant and applicable today.

What is the purpose of LOPD GDD?

It primarily serves to recognize and protect the right of all people to know, update and rectify the information that has been collected about them in databases or files that are subject to processing by public or private entities.

I want to know more

What are the benefits of the LOPD GDD?

Legal protection

Complying with the law ensures that your company is aligned with current data protection laws and regulations, avoiding penalties and fines.

Customer trust

Compliance with this policy conveys to customers that your company takes the protection of their personal information seriously, which strengthens trust and improves corporate reputation.

Information security

Implementing the regulations of this law involves adopting advanced security measures that protect personal data against cyberattacks and unauthorized access.

Reduction of legal risks

Implementing appropriate measures for the protection of personal data significantly reduces the risk of facing legal problems arising from security breaches.

Customer loyalty

Customers are more likely to remain loyal to a company that demonstrates a strong commitment to the privacy and security of their data.

Operational efficiency

The need for compliance drives companies to review and optimize their data handling and storage processes, which can result in greater operational efficiency.

Which companies are affected by the LOPD GDD?

1

Companies that process personal data

Any company that collects, stores, uses, or processes personal data of individuals must comply with the Organic Law on Data Protection. This includes everything from basic data such as names and addresses to more sensitive information such as financial and health data.

2

Organizations of any size

Large corporations:
Large companies that handle massive volumes of personal data, such as banks, insurance companies, and technology companies, are required to implement strict data protection measures.

Small and Medium-Sized Enterprises (SMEs): Even small and medium-sized enterprises that handle personal data must comply with the Organic Law on Data Protection. This includes local businesses, online stores, and any other company that collects customer data.

3

Public sector

Public Administrations and Entities:
All public entities, including ministries, city councils and autonomous bodies, must guarantee the protection of the personal data they manage.

4

Non-profit organizations

NGOs and foundations:
Non-governmental organizations and foundations are also required to comply with the Organic Law on Data Protection if they handle personal data, for example, of donors, beneficiaries or volunteers.

5

Autonomous people

Those who are self-employed and handle personal data, such as in the fields of consulting, law or medicine, must also comply with the Organic Law on Data Protection.

Success Stories

NOSO CAPITAL

LOPD

n an increasingly digital and regulated business environment, protecting customers' personal data has become a priority. In this context, implementing the Spanish Organic Law on Data Protection (LOPD) emerged as an essential challenge to guarantee customer trust and regulatory compliance.

See more success stories

Success Stories

NOSO CAPITAL

LOPD

In an increasingly digital and regulated business environment, protecting customers' personal data has become a priority. In this context, implementing the Spanish Organic Law on Data Protection (LOPD) emerged as an essential challenge to guarantee customer trust and regulatory compliance.

See more success stories

NOSO CAPITAL's success in implementing the LOPD has not only allowed the company to comply with legal obligations, but has also created an environment of trust and professionalism.

Customer Trust

Transparency and ethical practices in data handling have contributed to greater customer trust, resulting in increased customer loyalty and a higher retention rate.

By complying with the LOPD, NOSO CAPITAL has managed to differentiate itself from its competitors, positioning itself as a company that prioritizes the protection of its clients’ information, which has attracted new clients who value security.

The correct implementation of the regulations has allowed the company to mitigate the risk of sanctions and fines, which, in the current regulatory context, is a critical factor for long-term sustainability.

Frequently asked questions

The Spanish Organic Law on Data Protection (LOPD GDD) protects the rights of individuals in relation to their personal data. It guarantees that any information that identifies or could identify a person is treated with privacy and security. The LOPD GDD covers all citizens and residents whose data is collected, stored, or processed by companies, organizations, public entities, and self-employed professionals, ensuring that their personal information is not misused and that their rights to privacy and data protection are respected.

The Organic Law on Data Protection (LOPD GDD) in Spain is complemented by several regulations to ensure comprehensive protection of personal data. Here are the main ones:

General Data Protection Regulation (GDPR):

It is a European regulation that harmonizes data protection laws across all member states of the European Union. It establishes stricter principles and rights in the handling of personal data.

Law on Information Society Services and Electronic Commerce (LSSI-CE):

It regulates electronic commercial activities and establishes specific requirements on data protection in the context of online commerce.

Royal Decree-Law 5/2018:

Approved to adapt to the requirements of the GDPR before the complete update of the LOPD, this decree law complements and reinforces data protection obligations in Spain.

Law 34/2002, on Information Society Services and Electronic Commerce (LSSI):

Although it mainly regulates electronic commerce, it includes provisions related to data protection, especially in the area of ​​advertising and commercial communications.

Personal Data Protection and Guarantee of Digital Rights Act (LOPDGDD):

Approved in 2018, it adapts the LOPD to the GDPR and adds specific provisions on digital rights, strengthening the protection and control of personal data in the digital age.

These laws work together to create a robust data protection framework, ensuring that the rights of individuals are safeguarded in all contexts where personal data is handled.

The Spanish Organic Law on Data Protection (LOPD GDD) and the General Data Protection Regulation (GDPR) protect a wide range of personal data. These include:

1. Identification Data Name and Surname Identification Number (National Identity Card, Passport) Date and Place of Birth

2. Contact Information
Postal Address
Telephone Number
Email Address

3. Sensitive Personal Data
Health Data
Biometric Data Genetic Data
Data on Racial or
Ethnic Origin
Sexual Orientation
Religious or Philosophical Beliefs
Trade Union Membership

4. Economic and Financial Data
Banking Information
Income and Expenses
Credit History

5. Employment Data
Work History
Payroll Data
Performance Evaluations

6. Academic and Professional Background
Degrees and Certifications
Academic History
Professional Experience

7. Browsing and Online Activity Data
IP Address
Browsing History
Cookies
Device Identifiers

8. Location Data
Geolocation Data
Movement History

The Organic Law on Data Protection (LOPD GDD) was enacted on December 13, 1999 in Spain. Since then, all companies, organizations, and professionals that handle personal data are required to comply with its provisions.

Key Dates

LOPD 1999: The original LOPD GDD (Organic Law 15/1999) was mandatory from its entry into force in 1999.

GDPR 2018: The European Union’s General Data Protection Regulation (GDPR), which applies directly in all member states, including Spain, came into force on May 25, 2018.

LOPD GDD 2018: The Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPD GDD), which adapts the LOPD GDD to the GDPR, was approved in December 2018, and compliance with it has been mandatory ever since.

Although they share the goal of protecting the privacy of individuals, there are significant differences between them.

1. Context and Evolution
LOPD GDD (1999): The LOPD GDD (Organic Law 15/1999) was the first Spanish legislation to regulate the protection of personal data. It focused on establishing the basic principles for data processing and guaranteeing citizens’ rights. LOPD GDD (2018):
The LOPD GDD (Organic Law 3/2018) was enacted to adapt Spanish legislation to the European Union’s General Data Protection Regulation (GDPR), which came into force in May 2018. This law not only integrates the provisions of the GDPR but also introduces new digital rights specific to the Spanish context.

2. Adaptation to the GDPR The Spanish Data Protection Act (LOPD GDD) was not aligned with the GDPR, as it was created before this European regulation came into force. The LOPD GDD adapts Spanish legislation to the GDPR, ensuring full consistency with the principles, rights, and obligations established by the European regulation.

3. Digital Rights

La LOPD no contemplaba derechos digitales específicos, ya que fue redactada antes del auge de la era digital.

The LOPDGDD includes a specific chapter on digital rights, such as the right to digital disconnection in the workplace, the right to be forgotten, and the regulation of digital wills, among others.

4. Scope and Technical Details

The LOPD established basic principles of data protection, but some technical details and specific obligations were not as developed as in later regulations.

The LOPDGDD provides greater clarity and specificity in the obligations of organizations, including technical and organizational measures, impact assessment, and the mandatory designation of a Data Protection Officer (DPO) in certain cases.

5. Sanctions and Compliance

The LOPD GDD included penalties for non-compliance, but these were less severe and detailed compared to the GDPR.

The LOPD GDD, in line with the GDPR, establishes more severe and detailed sanctions, which strengthens compliance and the protection of individuals’ rights.

Our Consulting Services

ISO 9001

ISO 9001:2026

EFQM

Q – TOURISM QUALITY

ISO 9100

CE MARKING

BIM standard

ENS – National Security Scheme

ISO 27001 – INFORMATION SECURITY MANAGEMENT

NIS2 – Cybersecurity Directive

ISO 20000 – IT Service Quality Management

ISO 22301 – Business Continuity Management

ISO 27799 – Information security management in healthcare

ISO 27701 – Information Privacy Management

TISAX Certification – Safety in the Automotive Industry

FSSC 22000 Safety and Food Safety

ISO 22000 – Food Safety Management

IFS Food Certification

IFS Broker Certification

Global GAP Certification

BRC – British Retail Consortium

GMP – Good Manufacturing Practices

Animal Welfare Certificate

Ecological Food Certification

HALAL certificate

KOSHER Certified

Certifications of Origin: PDO, PGI, TSG

Carbon Footprint – Calculation and Reduction

Water Footprint – Calculation and Reduction

SDGs – Sustainable Development Goals

Zero Waste

FSC / PEFC

Circular Economy

ISO 45001

ISO 22320

ISO 39001

TAX DEDUCTIONS FOR R+D+I

R+D GRANTS

UNE 166002 R+D+I MANAGEMENT SYSTEM

SME SEAL

EMAS

ISO 50001

ISO 14001

UNE 19601

ISO 37301

ANTI-FRAUD MEASURES PLAN

ISO 26001 – Guidance on Social Responsibility

SGE21 – Ethical and Socially Responsible Management

Non-Financial Information Statement Report

UNE 165010 – Management of Social Responsibility in the Company

SR 10

Our Equality Services

Equality Plan

More information

LGBTI+ Plan

More information

Equal Pay

More information

Harassment situations

More information

Other Equality Services

More information

Our Legal Department Services

LOPD GDD

More information

Prevention of Money Laundering

More information

Prevention of Criminal Offenses

More information

Internal Complaints Channel

More information

Some of our Legal Department Services

LOPD GDD

More information

Prevention of Money Laundering

More information

Prevention of Criminal Offenses

More information

Internal Complaints Channel

More information

LGBTI+ Plan

More information

Pay equality

More information

Harassment situations

More information

Other equality services

More information

Some of our Equality Services

Equality Plan

More information

LGBTI+ Plan

More information

Equal Pay

More information

Harassment situations

More information

Other Equality Services

More information

Follow us on our social media channels

Contact

Cybersecurity Company 2025

© 2024 All Rights Reserved.

Legal Area

Complaints Channel

Cookies Policy | Privacy Policy | Legal Notice

Sign In

Forgot password?

Register

Reset Password

Please enter your username or email address, you will receive a link to create a new password via email.

Facebook-f Linkedin

INGADE

Are you interested in Kit Consulting?

Contact us and we will guide you through everything.

Facebook-f Linkedin

Free LGTBI+ Plan with your Equality Plan Contact!

INGADE

Remember that if you already have your Equality Plan with Ingade you don’t have to do anything else. To hire him, simply fill out this form and we will contact you shortly.

Facebook-f Linkedin
contacto

Contacta rápidamente con

INGADE

Nos pondremos en contacto con usted a la mayor brevedad posible

Contact