Revista Internacional de Derecho de la Comunicación y de las Nuevas Tecnologías. ISSN: 1988‐2629

Call for Papers  2020: envíos hasta 30 de noviembre 2019 (número marzo 2020) / envíos hasta 20 de abril 2020 (número septiembre 2020)

DERECOM. Derecho de la Comunicación. - Elementos filtrados por fecha: Junio 2019

Carolina del Valle Montoya Santiago

Métodos y Tecnologías de Sistemas y Procesos SL.

Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo.




The new laws for the protection of personal data, both at European and at national level, point to a greater specification on the regulation of this category of sensitive data which, in principle, should provide greater clarity to the treatment of information concerning this type of data and, more specifically, the health message. However, if the regulatory development is exceeded, as it may have happened with the Organic Law 3/2018, the interpretation of the theoretical basis of the protected right may throw a halo of legal lack of accuracy.

The sections of this Law begin by defining the basic regulation for the exercise of the right to the protection of personal data, stating that it will be done in accordance with the provisions of both Regulation (EU) 2016/679 and the Spanish Organic Law itself; consequently, this is the legal framework by which the data relative to the health of the people are governed. In the same section, the Spanish legislator introduces, for the first time, specifically, the recognition of the protection of personal data as a fundamental right of natural persons in line with what is precisely stated in Regulation (EU) 2016/679 which should be developed by the Spanish Act.

However, a constitutional basis is added to the right that concerns us, its guarantee being placed under the protection of article 18.4 of the Spanish Constitution concerning the rights to honor and to privacy. This asset is not included in the European Regulation, and it might hapen that by inserting it in the content of the Law, the defence of the right to information that also underlies the information self-determination could vanish into thin air, thus tipping the balance against the right to receive one´s own health information as a part of the whole right to information.

Publicado en Artículos de fondo

Monika Kwiatkowska

Ping Identity Corporation

Esta dirección de correo electrónico está siendo protegida contra los robots de spam. Necesita tener JavaScript habilitado para poder verlo.


Putting in place a data processing agreement between a data controller and a data processor (or a data processor and a data sub-processor) is a requirement for data processed within the scope of GDPR. This document, which is a proper contract between the two parties, aims to ensure that everyone involved is handling personal data in accordance with GDPR's stipulations and in line with the rules pre-established by the parties. Most importantly, it lays down requirements for data processors to meet before they are trusted with the data provided by the data controller. Both data controller and processor are, however, often driven by divergent interests when establishing such document. Main challenges are the ones relating to: responsibility for determining the scope and types of data processed; obligations to assist and cooperate; liability for implementation of adequate security measures and for security incidents; exercising data subjects' rights; questions relating to data residency and international data transfers; use of sub-processors; timeframe for notification obligations, etc. 

The paper is a practical perspective on how these different issues are addressed by the business and what arguments can be raised by each party when discussing various aspects of the data processing.


Publicado en Artículos de fondo


Revista Internacional Online de Derecho de la Comunicación.


Para cualquier ampliar información o para anunciarse en nuestra web haga click en CONTACTO

Últimas noticias