Regarding the content of the duty to inform, the LOPD 7/2021 It establishes some aspects that are the same, others that present minor changes and finally eliminates aspects to be reported.

Regarding aspects that remain the same in the content of the duty to inform, it is worth highlighting:

Art. 13 GDPR	Art. 21 LOPD criminal sanctions
the contact details of the data protection officer, where applicable	The contact details of the data protection officer, if applicable
the purposes of the processing for which the personal data are intended	The purposes of the processing for which the personal data are intended
the legal basis for the processing	The legal basis for the processing
the recipients or categories of recipients of the personal data, where applicable	The categories of recipients of personal data, where applicable, in particular those established in States that are not members of the European Union or international organizations
where applicable, the intention of the controller to transfer personal data to a third country or international organisation and the existence or absence of an adequacy decision by the Commission, or, in the case of transfers referred to in Articles 46 or 47 or the second subparagraph of Article 49(1), reference to the appropriate or suitable safeguards and the means of obtaining a copy of those safeguards or the place where they have been made available
the period for which the personal data will be stored or, where this is not possible, the criteria used to determine this period	The period for which the personal data will be retained or, where this is not possible, the criteria used to determine that period

Regarding the information that presents minor changes, it stands out:

Art. 13 GDPR	Art. 21 LOPD criminal sanctions
the identity and contact details of the controller and, where applicable, from your representative	The identification of the data controller and their contact details
the existence of the right to request from the data controller access to personal data relating to the data subject, and their rectification or deletion, or restriction of their processing, or to object to processing, as well as the right to data portability	The right to request from the data controller access to personal data relating to the interested party and its rectification, deletion or restriction of processing
the right to lodge a complaint with a supervisory authority	The right to lodge a complaint with the competent data protection authority and its contact details

However, there are aspects of the GDPR that are not incorporated into the duty to provide information in LOPD 7/2021, as these are grounds for legitimacy or rights that do not apply to this regulation.

Art. 13 GDPR

when processing is based on Article 6(1)(f), the legitimate interests of the controller or of a third party

when the processing is based on Article 6(1)(a) or Article 9(2)(a), the existence of the right to withdraw consent at any time, without affecting the lawfulness of processing based on consent prior to its withdrawal

if the communication of personal data is a legal or contractual requirement, or a requirement necessary to enter into a contract, and if the interested party is obliged to provide the personal data and is informed of the possible consequences of not providing such data

the existence of automated decision-making, including profiling, referred to in Article 22(1) and (4) and, at least in those cases, meaningful information about the logic involved, as well as the significance and envisaged consequences of such processing for the data subject.

Finally, with regard to the duty to provide information when the data comes from a third party, the LOPD 7/2021 is not as specific as the GDPR.

Art. 14 GDPR	Art. 21 LOPD criminal sanctions
the source from which the personal data comes	Any other necessary information, especially when the personal data has been collected without the knowledge of the data subject
the categories of personal data concerned

If you would like more information about Regulatory Compliance and Data Protection, visit our blog

Subscribe to our newsletter to stay up to date with all the news

Name and surname *

Email *

I give my express consent and accept the Privacy Policy.

EIP International Business School informs you that the data in this form will be processed by Mainjobs Internacional Educativa y Tecnológica, SAU as the party responsible for this website. The purpose of collecting and processing personal data is to manage your subscription to the newsletter as well as to send commercial information about the services of the data controller. The legitimacy is the explicit consent of the interested party. Data will not be transferred to third parties, except under legal obligation. You may exercise your rights of access, rectification, limitation and deletion of data at compliance@grupomainjobs.com, as well as the right to lodge a complaint with the supervisory authority. You can consult additional and detailed information on Data Protection in the Privacy Policy that you will find on our website.