Legal Statement

All entities are required to comply with data protection legislation, that either destroy confidential documents.

In this sense, There are regional laws, national and European.

European Parliament

  • Directive 95/46 /EC.
  • Decision 1600/2002 by the Sixth Action Programme Environment Matter set.

Spanish State

  • Organic Law 15/1999 Protection of Personal Data.
  • Royal Decree 994/99 amending the regulations on security measures for automated files containing data of a personal nature.
  • Royal Decree 195/2000 by the deadline established to implement the security measures for automated files under Regulation approved by Royal Decree 994/1999.
  • Law 10/1998 waste.

Autonomous Community of Catalonia

  • Law 5/2002 of the Catalan Data Protection

Autonomous Community of Madrid

  • Law 8/2001 Protection of Personal Data of the Community of Madrid

Autonomous Community of the Basque Country

  • Law 2/2004 Files of Personal Data of Public Ownership and the Creation of the Basque Agency for Data Protection

How it affects you the Law 15/1999 Protection of Personal Data?

Many managers of companies or business owners still do not know the content of this law and do not consider the legal implications, penalties and costs that may result from poor management of confidential information. Your company is responsible for the integrity of the data handled and reputation can suffer irreparable damage if one takes an action for misuse of the information. The law requires destroying all confidential information regularly.


  • In the U.S. began to speak in the legislature during the Kennedy years 60 and in 1974 was legislated with the Privacy Act.
  • In Europe also began to speak of the concept of data protection, but until 1980 not a recommendation of the OECD was
  • Council of Europe Convention 1981.
  • UNO Guidelines 1990.
  • UE Directive 1995.
  • Currently they are preparing new laws.

Theoretical Foundations in Data Protection Legislation

  • Right to privacy.
  • Determining the information itself.
  • Theoretical rules.
  • Proposition and purpose.
  • The information must be stored, use to have a purpose and then be destroyed.

Basis for establishing secure systems in the industry

  • The security industry needs trusted employees.
  • There is a legal obligation to destroy data (with major penalties).
  • The greatest damage is the loss of customer confidence.

Risks for which we must establish a secure system

  • Negligence and carelessness on the part of employees. The only way to fix it is establishing secure systems and simple, without long storage and, if it can be, with simple, daily collection.
  • Thefts.
  • Organized crime and espionage

Confidentiality is strictly protected by the Data Protection Directive 95/46 EG

  • The law protects the confidentiality.
  • The public and private sectors are treated equally.
  • Personal data may only be processed for certain purposes.
  • They can only be treated with consent or the existence of a prior contract.
  • The destruction of data is defined in the process..
  • The data output is limited EU.

Spanish Data Protection Agency: