In the first phase of the mediation, when explaining what mediation is and how the process works, it is important to make clear the work and operating system that is going to follow. We tell you everything you need to know about data protection in mediation.
It is important to clarify to the parties that their personal information They are necessary for the proper development of the sessions, in addition to being essential to include them in the minutes and the mediated agreement.
Importance of confidentiality
In this sense, during the mediation process, not only is confidentiality important, but you must also comply with the Organic Law on the Protection of Personal Data and Guarantee of Digital Rights (LOPDGDD), which was generated to adapt Spanish legislation to European regulations, defined by the General Data Protection Regulation (GDPR), effective as of May 25, 2018.
This national law came into force on December 6, 2018, replacing the old one Organic Law 15/1999 of Personal data protection.
The purpose of the LOPDGDD is protect the intimacy, privacy and integrity of each person, in compliance with article 18.4 of the Spanish Constitution. In the same way, regulates the obligations of people in all data transfer processes to guarantee the security of the exchange.
What data is needed?
From the beginning of the process you will need personal information. They are considered personal information any information in text, image or audio that allows the identification of a person.
Between this type of data There are more basic ones that pose little risk, such as the name or telephone number of the person and there is also sensitive information about high risk, such as the political tendency, the beliefs or religions professed by the parties or health data.
It must be clear to the parties that Your data will be used only and exclusively for the required purpose., that is, to provide an adequate mediation service and help them with their conflicts.
You must communicate the database to which the information collected will become part, so that each person can make use of their right to rectify or delete their data from the mediator's database.
Consent of the parties
To avoid confusion or misunderstanding a consent is completed, in general, that It must be free, informed, specific and unambiguous. For this to be the case, a declaration is collected from the interested parties in which they proceed to accept the conditions.
Consent is required has to be “manifest” in certain cases. For example, to authorize the processing of sensitive data.
It is evident that mediators that offer their services on the internet, regardless of whether they offer in-person or virtual mediation, are also affected by the LSSICE (Law on Information Society Services and Electronic Commerce)
What is the Information Society Services and Electronic Commerce Law?
The LSSICE It is the law that regulates the sale of products and the provision of services over the Internet.
This regulation regulates the following aspects and among the objectives we find:
- -Establish the communications requirements commercial electronically.
- -Regulates obligations of intermediaries in the provision of audiovisual services.
- -Defines the way in which electronic contracts are made.
- –Develop the sanctioning regime for non-compliance with the norm.
- -The adaptation of Spanish regulations to European regulations.
- –Guarantee a legislative framework adapted to the demands of new times.
He Compliance with the LSSICE is mandatory for each person or companies that carry out economic activities through the Internet or information society means.
This includes all web pages, eCommerce and virtual stores that sell products or services directly, or that obtain income indirectly (advertising, sponsorships, affiliation, etc.) must comply with this regulation.
He internet data processing, he economic exchange through the network or advertising that shares Each mediation professional or entity on its website is subject to the LSSICE.
In this case the responsibility to inform Compliance with the LSSICE is a matter for each mediator or entity; no type of consent is required from clients or users and the completion of any document is not required.
Model adaptation
So that The Spanish model adapts to the European Regulation regarding Data Protection in mediation has had to incorporate some news important.
Among other issues, new obligations are collected on the processing of personal data in cross-border procedures, and establishes guarantees for biomedical research beyond personal protection.
It is evident that All these modifications affect, to a greater or lesser extent to the work of mediators regarding the processing of personal data.
Family mediation cases
In cases of family mediation, the parties explain their experiences to the mediator, express their emotions, tell them sensitive family information, detail the most delicate aspects of their conflicts and their family relationships, all of this must be treated based on current legal regulations.
This means that separately or within the mediation initiation document itself, express consent must be obtained of the parties for the transfer and processing of their personal data, for the service they request, making clear the right to renounce the processing of these once the action is completed.
Types of sanctions
Depending on the violation, LOPDGDD and RGPD sanctions Administrative expenses can reach between 10 and 20 million euros, or between 2% and 4% of the organization's global annual business volume. The violations They are divided into very serious, serious and mild.
Very serious: prescribe after three years.
- –Use of data for a different purpose of the announced
- -Omission of duty to inform the affected person
- -Requirement of a payment to be able to access your own stored data
- -International transfer of information without guarantees.
Graves: They prescribe after two years.
- -Minor data collected without consent
- -Lack of adoption of necessary technical and organizational measures for effective data protection
- -Breach of the obligation to name the responsible person or data processing officer
Mild: prescribe in one year
- -No transparency of information
- -Failure to report the affected person when he/she has requested it
- -Non-compliance by the person in chargeof his obligations
This records the importance of correctly complying with current regulations in force regarding data protection in mediation.
Is a work that each professional can carry out in their own workplace, But there are also consultancies dedicated exclusively to compliance with this legislation, which, for the most part, also offer legal advice on the matter to each professional who hires them.
