News from the RGPD, the self-employed and legal entities are the aspects that we will discuss in this article.
News from the RGPD, the self-employed and legal entities
Where has the exclusion of the regime of protection of the rights of natural persons in the exercise of their commercial or professional activity?
It seems that individual entrepreneurs, the self-employed of all life, have under the new RGPD regulations, the treatment of their protected data in comparison with the entrepreneur who has a society, even if it is unipersonal, does this differentiation make sense?
And what happens, now, with the contact data we have of an individual entrepreneur … his secretariat, his commercial, his delivery …?, Is the current time the treatment of contact data? Will I have to ask for the unequivocal consent to the contacts of the individuals to treat their personal data?
The Regulation for the development of the current law on the Organic Law on Data Protection (RD 1720/2007) states that its scope of application is that:
2.2. This regulation does not apply to the treatment of data referring to legal entities, nor to files that are limited to incorporating the data of natural persons who provide services in social networks, consisting exclusively of their first and last names, functions or positions held, as well as the postal or electronic address, telephone number and professional fax number.
2.3. Likewise, the data relating to individual persons, when they are referred to as traders, are also included in the personal protection category.
In other words, under the, already early, old regulation, the data of individual entrepreneurs or those of people working in companies or entities with legal personality, are not considered personal data.
Does the European Data Protection Regulation change anything in this matter?
Neither the RGPD nor the Draft Organic Law on Data Protection presented before the Congress -which is already being criticized before its discussion- contains an article that allows us to deduce the treatment of the data of businessmen, natural persons as merchants or professionals, outside the scope of the application of data protection.
In the RGPD, in CONSIDERING 14, it is stated that:
(14) The protection granted by this Regulation should apply to natural persons, regardless of their nationality or their place of residence, in relation to the processing of their personal data. This Regulation does not regulate the processing of personal data relating to legal persons and in particular to companies incorporated as legal persons, including the name and form of the legal entity and their contact details.
That is to say, it is clear to me that only the treatment of the data of the companies constituted as legal persons, and their contact data, are outside the scope of application of the Law.
And what does the Organic Law Project drawn up by the Ministry of Justice say?
Article 19. Treatment of contact data and individual entrepreneurs. 1. Unless proven otherwise, it will be presumed covered by the provisions of Article 6.1 f) of Regulation (EU) 2016/679 the treatment of contact data of natural persons who provide services in a legal entity provided that the following requirements: a) That the treatment refers only to the data necessary for its professional location. b) That the purpose of the treatment is only to maintain relations of any kind with the legal entity in which the affected person provides his services. 2. The same presumption will operate for the treatment of data relating to individual entrepreneurs when they refer to them only in that condition and are not treated to establish a relationship with them as individuals.
Article 6.1.f of the RGPD says: 1. The treatment will only be legal if at least one of the following conditions is met: (…) f) the treatment is necessary for the satisfaction of legitimate interests pursued by the controller or by a third party, provided that such interests do not prevail the interests or fundamental rights and freedoms of the interested party that require the protection of personal data, particularly when the interested party is a child.
News from the RGPD, and legal entities
Under these premises, we understand that the TREATMENT OF THE DATA OF AN INDIVIDUAL ENTREPRENEUR would be included in the scope of application of the RGPD, as well as the data of the natural persons who provide services in a legal entity, but it can be presumed to be legal provided that is necessary for the satisfaction of the legitimate interests of the Responsible.
Whether or not the “legitimate interests” will be discussed another day.
By Olga Guidotti
Senior Consultant
©Legal Compliance, S.L.
