[Last reviewed: January 2025]
Yes
Although exceptional, recent regulatory changes have included some very specific data localization requirements in Spain.
Article 4 of Royal Decree-Law 14/2019 introduces a new Article 46 bis in Law 40/2015 on the Legal Regime of the Public Sector which establishes the prohibition of keeping several kind of data outside of the EU.
In this regard, the information and communication systems that collect, store, process and manage the following data must be located and provided in the EU:
- electoral roll;
- municipal register of inhabitants and other population registers;
- tax data; and
- personal data of the national health system's users.
These cannot be transferred to third countries or international organizations with the exception of those that have been subject to an adequacy decision by the European Commission, or when so required for compliance with the international obligations assumed by Spain (e.g. when required by international treaties or agreements between Spain and third countries).
Last review date: January 2025
☒ Obligation for public sector organizations to share or make accessible non-personal data
☒ Obligation for private organizations to share or make accessible data generated by connected or "IoT" devices
☒ Obligation for private organizations to share or make accessible other non-personal data
Please refer to the EU Chapter for detailed information regarding EU-wide legislation.
Last review date: January 2025
☒ Obligation to share data on request
☒ Obligation to share data proactively
☒ Obligation to (re)design products or services to facilitate data accessibility
☒ Obligation to standardize products or services to facilitate data portability or interoperability