This Royal Decree governs those aspects that cannot be delayed until approval of the Organic Law and contains 14 articles organised into three chapters, two additional provisions, two transitory provisions, one derogating provision and one final provision.
Chapter I governs certain aspects of inspection relating to data protection, specifically, regarding the scope and personnel authorised to carry out the activity of investigation that the GDPR grants to supervisory authorities and the scope of investigation. Chapter II introduces the penalty regime established in the General Data Protection Regulation and Chapter III governs the proceedings in the event of a possible breach of the data protection regulations.
Furthermore, the first additional disposition appoints the Spanish Data Protection Agency (Agencia Española de Protección de Datos) as representative in Spain in the European Committee. The second additional disposition contains details regarding the publication of resolutions by the Spanish Data Protection Agency.
Finally, the first transitory disposition establishes the transitory regime of the proceedings and the second transitory disposition, the situation of processing contracts signed prior to 25 May 2018.
The Royal Decree Law derogates the regulations of equal or inferior rank which oppose the contents thereof and Articles 40 and 43 through 49 (with the exception of Article 46) of Organic Law 15/1999, of 13 December, on the Protection of Personal Data.
The Royal Decree Law will be in force from the day after it is published in the BOE and the entry into force of the new organic law.