Tuesday, 19 June 2018 15:50

GDPR has ‘created legal uncertainty’ relating to consent and the destruction of data

The issue of document management raises questions about how law firms and companies can be sure they are ‘not retaining data unduly’ when archiving information

The EU’s General Data Protection Regulation (GDPR) has led to uncertainty in areas such as “consent, legitimate interest and the destruction of data” and these issues need to be further analysed, attendees at a recent Iberian Lawyer event in Barcelona heard.
Participants in the debate – which was held in collaboration with Ecija and Iron Mountain – also said that the fact such analysis was still required was a concern, given that the regulations have now come into force. In addition, another concern expressed by attendees was that there are different criteria applicable to data protection – depending on the sector – and that this has created legal uncertainty.
Destruction of data is another problematic issue, participants argued, partly because companies need to ensure compliance but also be selective, and this means knowing which data to destroy. This also applies to document management in the sense that law firms and companies archive information and the new regulations raise the question of how they can be sure they are not retaining data unduly.

‘Costly process’
Furthermore, companies need to have an inventory of their information stockpiles, but carrying out such an inventory, or digitising archives is a costly process – one panellist highlighted the example of the health sector, in which there are vast, confidential archives of patients’ medical histories.
As the GDPR is now in force, companies need to ensure they have well-designed systems and processes in place for data management, and also need to analyse how to maximise investment in such processes so that they are effective and comply with the new regulations.
Another issue attendees raised in relation to GDPR was the importance of document management. Specifically, there are doubts about how companies can implement internal mechanisms that minimise risks and costs, as well as what structures are required as a bare minimum. In addition, there is uncertainty among clients about what measures need to be taken when it comes to obtaining consent.
Panellists said that, given the GDPR’s continental reach and its application to all companies and sectors, it can be interpreted in a number of ways and that this has created uncertainty. Meanwhile, data protection is also a new theme for many sectors, having previously only been something that concerned IT companies, panellists heard.
While the regulations give companies the opportunity to justify their actions with regard to data, according to event participants, the application of the law also brings complications. For example, some sectors are more sensitive than others to the theme of data protection, panellists agreed. However, the fact that the new regulations have been designed to be flexible to embrace all types of companies and sizes, and not just for multinationals working in various jurisdictions, is seen as a positive step.

Event: Implementing the GDPR in Three Steps
Location: Barcelona
In collaboration with: Ecija and Iron Mountain

Iberian Lawyer
N.108 • October 2021

IL98 cover SP IL94 cover EN

The Latin American Lawyer
N.21 • September 2021

IL98 cover SP IL94 cover EN

IpTmtAwardsSpain 2021 300x100 finalists 1

UIAMadrid 300x100

IL LatamAwards STD 300x100 1

IL LatamAwards STD 300x100 1

UIAMadrid 300x100

IpTmtAwardsSpain 2021 300x100 finalists 1

IL LatamAwards STD 300x100 1

IPTMTAwardsPT 2021 300x250 Vincitori

IL LatamAwards STD 300x100 1

This website uses cookies

We use cookies to ensure that we give you the best experience on our website. If you continue without changing your settings, we'll assume that you are happy to receive all cookies on the IberianLawyer website. However, you can change your cookie settings at any time. Learn more

I agree

What do I need to know about cookies?

A cookie is a small text file that’s stored on your computer or mobile device when you visit a website. We use them to:

  • Remember your preferences
  • Tailor our sites to your interests.

There are different types of cookies

First party cookies

These are set by the website you’re visiting. And only that website can read them.  In addition, a website might use a separate company to analyse how people are using their site. And this separate company will set their own cookie to do this.

Third party cookies

These are set by someone other than the owner of the website you’re visiting. 

Some IberianLawyer web pages may also contain content from other sites like Vimeo or Flickr, which may set their own cookies. Also, if you Share a link to a IberianLawyer page, the service you share it on (e.g. Facebook) may set a cookie on your browser.

The IberianLawyer has no control over third party cookies.

Advertising cookies

Some websites use advertising networks to show you specially targeted adverts when you visit. These networks may also be able to track your browsing across different sites.

IberianLawyer site do use advertising cookies but they won’t track your browsing outside the IberianLawyer.

Session cookies

These are stored while you’re browsing. They get deleted from your device when you close your browser e.g. Internet Explorer or Safari.

Persistent cookies

These are saved on your computer. So they don’t get deleted when you close your browser.

We use persistent cookies when we need to know who you are for more than one browsing session. For example, we use them to remember your preferences for the next time you visit.

Other tracking technologies

Some sites use things like web beacons, clear GIFs, page tags and web bugs to understand how people are using them and target advertising at people.

They usually take the form of a small, transparent image, which is embedded in a web page or email. They work with cookies and capture data like your IP address, when you viewed the page or email, what device you were using and where you were.

How does the Iberian Lawyer use cookies?

We use different types of cookies for different things, such as:

  • Analysing how you use the IberianLawyer
  • Giving you a better, more personalised experience
  • Recognising when you’ve signed in

Strictly Necessary cookies

These cookies let you use all the different parts of Iberian Lawyer. Without them services that you have asked for cannot be provided.

Some examples of how we use these cookies are:

  • Signing into the IberianLawyer
  • Remembering previous actions such as text entered into a registration form when navigating back to a page in the same session
  • Remembering security settings which restrict access to certain content.

Performance cookies

These help us understand how people are using the IberianLawyer online, so we can make it better. And they let us try out different ideas.
We sometimes get other companies to analyse how people are using the IberianLawyer online. These companies may set their own performance cookies You can opt out of these cookies here.Some examples of how we use these cookies are:

  • To collect information about which web pages visitors go to most often so we can improve the online experience
  • Error management to make sure that the website is working properly
  • Testing designs to help improve the look and feel of the website.
Cookie nameWhat it's for
Google DoubleClick The IberianLawyer uses Google DoubleClick to measure the effectiveness of its online marketing campaigns.Opt-out of DoubleClick cookies
Google Analytics From time to time some IberianLawyer online services, including mobile apps, use Google Analytics. This is a web analytics service provided by Google, Inc. Google Analytics sets a cookie in order to evaluate use of those services and compile a report for us.Opt-out of Google Analytics cookies