We are aware that the leakage of self-employed workers' personal data has lately become a big issue that concerns a lot of people. If you want to learn more about personal data protection in Spain, keep reading!
How did it happen?
Recently a report coordinated by Xnet, an organization for the defense of digital rights, showed that the personal data of a large number of self-employed workers in Spain is being leaked and is even marketed without their knowledge.
The most exposed professions in this regard are self-employed workers with lower incomes, mainly in areas such as cleaning, personal services, hospitality, retail, drawing, audio and video, repairs, etc.
It all began when a self-employed graphic designer googled herself and, to her surprise, came across a business information website listing her DNI, postal code, personal address, phone number, email, and a comment about her financial solvency. Scary, isn’t it?
The study concluded that this data leakage is caused by the procedure carried out between the Tax Agency, the Spanish Chamber of Commerce, Camerdata, and private consultancies.
When registering as a self-employed worker, you have to provide your name, DNI number, phone number, address, and certain extra information required by different state bodies in each particular case. This is the case with the Census of Economic Activities of the Tax Agency, a database of all the entrepreneurs in different fields, categorized by CNAE. As a result, people working from home have to provide their home addresses and personal contacts.
The Treasury then transfers this data to the Chambers of Commerce, which make a public census of companies and compile all the data in a directory. There, data on Spanish companies can be consulted and purchased in order to “carry out commercial actions” such as identifying potential new clients. Self-employed workers are, technically, companies set up by an individual, so they are also included in this database.
From this stage, the Chambers of Commerce sell these databases to different specialized search engines that process them and offer them to their clients. This information is free and available to the public for the first consultations, but after that, it is necessary to pay to continue having access to it.
This issue has become visible only recently, and it has revealed a big legal gap regarding the publication and handling of this data. That gap needs to be addressed in order to protect the privacy of all the self-employed working in Spain.
What is personal data protection for the self-employed?
Any self-employed worker is obliged to comply with the GDPR (General Data Protection Regulation) in the European Union whenever they collect personal information. Thus, personal data protection for the self-employed is mandatory as it is for any other company or public organization.
The data processed are usually from suppliers, customers and employees, or obtained from resumes. They must be handled following a series of steps and applying the necessary technical and organizational measures to ensure their security.
Is there a law that protects my data as a self-employed worker?
As we mentioned above, the GDPR, published in 2016, is the law that controls the processing of personal data throughout the European Union. To go into detail about what the GDPR involves, we can take a look at its objective:
It “lays down the rules relating to the protection of natural persons with regard to the processing of personal data and the rules relating to the free movement of such data.”
Because of this, the data controller must inform individuals about:
- The identity of the data controller.
- The categories of the data to be processed.
- The legal basis and purpose of such processing.
- Whether the data will be disclosed to third parties.
- The period for which the data will be kept.
- The channels through which individuals can exercise their rights of access, rectification, deletion, limitation of processing, portability, and opposition.
This regulation is a general law and does not prevent each EU member country from developing its own national laws. For example, we know that Spain has developed the Ley Orgánica de Protección de Datos y Garantía de Derechos Digitales (LOPDGDD) which aims to ensure the protection and proper treatment of personal data. One of its greatest advantages is that this Spanish adaptation falls under the scope of the GDPR, so if you comply with the GDPR, you are also complying with the LOPDGDD.
Consequently, when talking about data protection in Spain, the law of reference is the LOPDGDD, which establishes the requirements and responsibilities for data protection in companies and how to proceed with personal information in their custody.
The implications of express consent
The GDPR states that consent for data processing must be express, that is, given specifically, either verbally or in writing. This consent must be given by voluntary and unambiguous action of the user, for example, by ticking a checkbox. Implied consent is no longer sufficient.
To comply with the GDPR on a website, a series of legal texts must be included:
- The legal notice informs about the identity of the website owner.
- The privacy policy indicates how your personal data is treated on the website, the obligations of the data controller, and the rights of the data owner.
- The cookies policy indicates which cookies the website installs in the user’s browser.
Please keep in mind that all companies, public entities, or consultants that handle the personal data of third parties are required to comply with the GDPR.
What should I do if some of my personal data has been leaked?
If your data as a self-employed individual in Spain has been leaked, it is important to take immediate action to protect yourself and your business. Here are some steps you can take:
- Determine the extent of the leak: Try to determine how much of your data has been compromised and what types of data have been leaked. This will help you understand its potential impact and take appropriate steps to address it.
- Notify authorities: You should report any irregularities in the processing of your data by third parties to the appropriate authorities, such as the police or the Spanish Data Protection Agency (Agencia Española de Protección de Datos).
- Alert affected parties: If the leak affects other individuals or organizations, you should alert them as soon as possible so that they can take steps to protect themselves.
- Change your passwords: If you think your passwords may have been compromised, change them immediately. Make sure to use strong, unique passwords for all of your accounts.
- Monitor your accounts: Keep a close eye on your accounts and monitor for any unusual activity. If you notice something suspicious, report it to the appropriate authorities and institutions.
- Take steps to prevent future leaks: Evaluate your security systems and consider implementing additional measures to protect your data, such as using two-factor authentication and encrypting your data.
If you take these steps and follow best practices for protecting your data, you can help minimize the impact of a data leak and protect yourself and your business.
No need to worry at Entre Trámites
At Entre Trámites we understand how important your business is to you, and that’s why we take all measures to ensure the security of your company and personal data. You can also access the information on your procedure whenever you want, ask your personal manager about it, and read our Privacy Policy, which guarantees full transparency at every step.
We want to listen to you and know what your questions are about this matter. Count on the advice of our experts to clarify all your doubts.
Contact us! Through the contact form you can leave your details for us to call you, schedule a free consultation with us, or simply text our WhatsApp.