Regarding the rights of data subjects, LOPD 7/2021 establishes some differences with respect to the GDPR, which are worth highlighting.
The right of access and the right to restriction of processing have new features, which we will detail below.
For the right of access, a request will be deemed rejected if, one month after its submission, it has not been expressly resolved and notified to the interested party.
When a data subject's requests are manifestly unfounded or excessive, particularly due to their repetitive nature, the data controller may reject them by means of a reasoned decision. In any case, a request will be considered repetitive when three requests are made on the same subject matter within a six-month period, unless there is a legitimate reason for doing so (in the LOPDGDD, this is more than one occasion within a six-month period).
The content of the right of access is differentiated as follows:
| GDPR | LOPD 7/2021 (criminal sanctions) |
| --- | --- |
| The purposes of the processing | The purposes and the legal basis for the processing |
| The categories of personal data concerned | The categories of personal data concerned |
| The recipients or categories of recipients to whom the personal data have been or will be disclosed, in particular recipients in third countries or international organisations | The recipients or categories of recipients to whom the personal data have been communicated, in particular recipients established in States that are not members of the European Union or international organisations |
| If possible, the planned period for which the personal data will be retained or, if not possible, the criteria used to determine this period | The period for which the personal data will be retained, where possible, or, if not, the criteria used to determine that period |
| The existence of the right to request from the controller rectification or erasure of personal data or restriction of processing of personal data relating to the data subject, or to object to such processing | The existence of the right to request from the data controller the rectification or deletion of personal data relating to the interested party or the restriction of their processing |
| The right to lodge a complaint with a supervisory authority | The right to lodge a complaint with the competent data protection authority and the contact details of the same |
| Where the personal data have not been obtained from the data subject, any available information as to their source | The communication of the personal data being processed, as well as any information available about its origin, without revealing the identity of any natural person, especially in the case of confidential sources |
| The existence of automated decision-making, including profiling, and, in such cases, meaningful information about the logic involved, as well as the significance and envisaged consequences for the data subject | |
Regarding the right to restriction of processing, under the GDPR it applies in four cases:
- The data subject contests the accuracy of the personal data, for a period enabling the controller to verify their accuracy.
- The controller no longer needs the personal data for the purposes of the processing, but the data subject requires them for the establishment, exercise or defence of legal claims.
- The processing is unlawful and the data subject opposes the erasure of the personal data and requests the restriction of their use instead.
- The data subject has objected to processing pursuant to Article 21(1), pending the verification whether the legitimate grounds of the controller override those of the data subject.
Under LOPD 7/2021, it applies only in the first two cases:
- The data subject questions the accuracy of the personal data and its accuracy or inaccuracy cannot be determined.
- Personal data must be retained for evidentiary purposes.
Regarding the rights of rectification and erasure, there are no new developments with respect to the GDPR.
The rights of opposition and portability do not apply under LOPD 7/2021.
Regarding the right not to be subject to a decision based solely on automated processing, under the GDPR the data subject may object unless the decision:
- is necessary for the conclusion or performance of a contract between the data subject and a data controller;
- is authorized by Union or Member State law to which the controller is subject and which also lays down suitable measures to safeguard the data subject's rights and freedoms and legitimate interests;
- is based on the explicit consent of the interested party.
Under LOPD 7/2021, individual decisions based solely on automated processing are prohibited, except in one case (which coincides with the second case of the GDPR):
- The decision is expressly authorized by a law or by European Union law. The enabling regulation for processing must establish appropriate measures to safeguard the rights and freedoms of the data subject, including the right to obtain human intervention in the review process of the decision taken.