Data protection agencies conducting more inspections following introduction of GDPR

The introduction of the General Data Protection Regulation has contributed to a rise in inspections by data protection agencies, with the result that clients are requiring more legal advice on audits, says Norman Heckh, partner at Ramón y Cajal Abogados.

“Data protection issues have of course been a major concern for clients recently, and we have conducted a large number of audits and reviews,” says Heckh. However, as clients become more savvy and begin to take a closer look at the details, the nature of the services they require is changing. “Clients are no longer just demanding an audit, but looking for sophisticated advice,” says Heckh. “This is generating work for data protection specialists.”
Also contributing to the enhanced focus on data protection issues is the recent increase in inspections. “We´ve started to see inspections and we´ll see sanctions in the future,” says Heckh. “The data protection agency is very sophisticated, not just in terms of the legislation but also regarding specific industries – inspectors know what to ask, and where to focus efforts.” While this may seem a potential source of trouble for companies, Heckh believes that it will have a positive impact by generating legal certainty. “A lack of legal certainty is a challenge faced by many clients in the technology industry, which tends to move at a faster pace than regulations,” he adds. “The regulator often doesn’t provide fast enough answers,” says Heckh. “Technology companies take compliance seriously, but many wouldn´t have launched if they had been too cautious,” he adds. “There is a lack of flexibility in legislation which causes doubt for clients,” says Heckh. “We help by providing answers based not just on legislation, but common sense – clients demand less aversion to risk as well as highly commercial advice from us.”

Laura Escarpa