Published: Feb 26, 2019
Last update: Jun 22, 2022
Legal SMS how to

We explain how to have a database that complies with the Data Protection regulations

How to have a database that complies with Data Protection regulations 1
We explain how to have a database that complies with the Data Protection regulations
4.9 (98.46%) 13 votes

Do you want to comply correctly with the RGPD and the new Personal Data Protection Act (LOPD in Spanish)?

We explain how to have a database that complies with the Data Protection regulations

The collection/obtainment of personal data is essential for all types of businesses and institutions. Not in vain, Big Data is making a difference in digital economy. Therefore, knowing what to do to have a database obtained and processed legally is a priority.

In this article, we propose a way of doing so correctly. So you can avoid possible penalties or negative repercussions to the name and reputation of your company.


How to have a database that complies with  Data Protection regulations?

In order to have a database obtained and used legally, both the European Data Protection Regulation (GDPR) 2016/679 and the new Organic Law for the Protection of Personal Data (LOPD in Spanish) 3/2018 must be complied with.

But you not only have to comply with the regulations for this purpose. You also have to process personal data. We are talking about customers, employees, suppliers, CVs, images, etc. All this information must also comply with all the requirements established by the aforementioned regulations.

Regarding the personal data of customers (everyone who has bought/acquired a product or hired a service), they can be processed to contact them to deliver the product. Also to provide the service. To send reminders of appointments or meetings. To contact them. To comment on any aspect of the service they have contracted or the product they have purchased, etc.

Requirements you should know when contacting your customers:

You can also send advertising and marketing to customers, just because they are customers (legitimate interest of the processor, Item 47 GDPR). Without having to obtain their consent, but meeting the following requirements:


You can only send advertising about the products and services of your sector (similar products and services to the ones they have purchased).
When obtaining/collecting their data, you have to inform them (and be able to prove you have informed them) about the extremes stated in the aforementioned regulations.
Whatever the medium through which you send your commercial information, you have to give them the possibility of opposing to you sending them more advertising in a clear and simple way.
You’re not allowed to transfer your database to other companies.

Permission and consent to send text messages

In order to send advertising about your products or services to individuals who are not your customers (people who request information at fairs, events or competitions, through the company website or physically at the shop or offices, for example) you have to get their clear, explicit and unequivocal consent. And also be able to prove later that you have actually obtained it that way.


In any case, before the interested party gives their consent, you have to inform them of the extremes that the two previous regulations include in their articles. Therefore, you should first inform and then ask for consent.


Exceptions when sending advertising:

There are certain exceptions in relation to customer data. The data of non-customers must be removed from your database if they exercise their right of deletion, regulated in the laws stated above.

Having a database obtained and used legally, as well as your company complying with data protection regulations, is essential to avoid penalties from the Spanish Agency for Data Protection. As well as not to harm the image and reputation of your company.

If you want to send advertising text messages safely, at LabsMobile, we can help.

Note: This article has been written in collaboration with comServeral, Data Protection and Electronic Commerce consulting firm of reference.