Trade secrets and data protection – Part 2

Last November we published the first part on trade secrets and data protection. In this post, we introduced the subject by explaining trade secrets and the law that protects them. Today we are going to finish exploring the topic and shed some more light on it. Let’s go!

What is a violation of secrets?

A violation of trade secrets is considered to be when a person or entity accesses a company’s confidential information without authorisation and uses it to obtain economic benefits or competitive advantages.

This can range from disclosing confidential information to third parties, using trade secrets to directly compete with the company, or even misappropriating confidential information to sell it to another company.

Steps to protect your trade secrets

When guaranteeing the protection of trade secrets, a series of steps should be followed, such as those indicated below:

1.Establish confidentiality agreements

Establishing confidentiality agreements with employees and third parties (suppliers) is key to maintaining internal order and, if necessary, taking legal measures to penalise misuse of the company’s confidential information.

2. Control access

Many companies take into account the physical security of data, but nowadays most of that data is found in the digital framework.  For this reason, companies must incorporate relevant protection measures in an increasingly digital world.

3. Define confidential information

When establishing a confidentiality agreement, it is necessary to regulate what is considered confidential information in a company. To do so, a thorough analysis must be carried out that identifies the secrets and associated risks.

4. Provide training

Training is also essential to avoid data breaches to the outside. Therefore, employees must be trained on how to handle the company’s data.

5. Make special protective equipment

It is important to delegate certain responsibilities to a security and data protection officer. This person will therefore be responsible for ensuring said protection.

6. Continue making progress

Many companies focus on data protection when it is already too late. It is important to start working on this immediately and continue to add projects and all types of actions to ensure the full protection of data. In terms of data protection, this is known as proactive responsibility.

7. Make protection the priority 

Cyber threats are currently a significant problem at the business level. That is why taking action tomorrow is not good enough; data protection on the Internet must be handled straight away. Failing to do so, companies will jeopardise their finances and their reputation.

This is key; protecting trade secrets in a company is not only a preventive measure, but also a measure of future success. If you have questions or wish to know more about any of this information, do not hesitate to contact us. At Bacaria we can advise you.


Updates in the ‘right to be forgotten’ for cancer survivors

Royal Decree-Law 5/2023, of 28 June (RDL 5/2023) amended the Insurance Contract Law and the Consumer Protection Act to implement the ‘right to be forgotten’ for cancer survivors which entered into force on Friday, 30 May 2023.

These legal amendments will have a significant impact on all types of contracts entered into by entrepreneurs and professionals and consumers. In particular, they will affect life insurance contracts, as well as banking and financial contracts that take into account consumer health factors as a condition for providing. Or denying benefits in the event that information about a pre-existing cancer is withheld.

What is the ‘right to be forgotten’ for cancer survivors?

The ‘right to be forgotten’ for cancer survivors is the right held by a person who has suffered from cancer where said condition will not be taken into account in different situations. Such as when taking out life insurance or applying for a loan. This right therefore prevents these individuals from having to justify their medical history and it ensures that they are not discriminated against.

How does the ‘right to be forgotten’ for cancer survivors work?

Another key point is the approved royal decree-law establishes the ‘right to be forgotten’ for cancer survivors. When they take out insurance policies and sign up for banking products 5 years after the completion of treatment and without relapse.

  • Clauses, provisions, conditions or agreements that exclude one of the parties due to the fact that they had cancer are declared null.
  • Making distinctions when taking out insurance for a person because they had cancer is prohibited.
  • There is no longer an obligation to declare whether one has suffered from cancer in order to take out life insurance. And taking cancer history into account in this procedure is also prohibited.

Who can benefit from this measure?

Basically any person who has suffered from cancer can benefit from this new right once 5 years have passed since the completion of treatment and without subsequent relapse. The Government is authorised to modify this term based on the development of scientific evidence.


New General Telecommunications Law

How many times a week do you receive calls from operators offering you a TV in exchange for contracting a service? Too many, right? Daily and annoying situations like these will soon be regulated thanks to the New General Telecommunications Law. That, in addition to encouraging investment by operators, mainly focuses on improving user protection.

Today we will tell you about the main amendments proposed by this new Bill which will affect both operators and users. Let’s go!

Main amendments


A more suitable framework is created to make investments to deploy new generation networks. Thus making it possible to offer innovative services that are more technologically suited to the needs of the people.

It establishes that when the Telecommunications Market Commission imposes obligations and conditions for access to the networks. It must take into account the investment risk of the operators.

A more effective and efficient use of the radio spectrum is promoted through generalisation of the principles of technological neutrality (use of any technology) and service neutrality (provision of any service).

With regards to designating an operator to provide the universal service, a bidding mechanism is established where, until now, this mechanism was only used if several parties showed an interest after a consultation process.

Furthermore, operators that make their network available to other entities in order to produce radio broadcasts must verify, prior to the start of said broadcasts, that these entities have the corresponding licence for the radio public domain. This represents an important measure to prevent illegal radio and television broadcasts.


The amendments introduced reinforce the rights of users and their protection. Thus, it is established that end users shall have the right to receive more information about the characteristics and conditions of service provision and about the quality with which said services are provided (prices, offer limitations, etc.).

Personal data is also protected more effectively. For example, data protection regulations apply to data obtained from commercial product labels by means of identification devices that use the radio spectrum (RFID). Moreover, it sets forth that additional information must be given to the user about the computer files or programs (“cookies”) that are stored on computers and other devices used to access the Internet with the purpose of facilitating web browsing.

The new regulation states that changing an operator while maintaining the number (portability) must be carried out within one business day. Likewise, it improves access to services for people with disabilities or with special social needs, stipulating that it must be in conditions equivalent to the conditions that apply to all other users.

In summary

What changes with the new General Telecommunications Law?

Companies may not call users for commercial purposes without prior consent.

What happens if a telephone operator calls me outside the established time frame?

Basically n the framework of the Consumer and User Protection Act, failure to comply with this regulation shall lead to the opening of disciplinary proceedings. It also opens up the possibility of filing a claim with the Spanish Data Protection Agency which, depending on the seriousness, recidivism, affected users, etc., could impose a penalty”.

This main rule regulates the sector of electronic communications networks and services in a uniform and comprehensive manner. Audiovisual communication services and Information Society services are excluded from this regulation.



New Whistleblower Channel Law

Have you heard about the new Whistleblower Channel Law but aren’t really sure what it entails? Here’s a brief summary of its objectives, who it protects and who must comply with it.

Starting 13 June of this year, this new regulation requires entities with 250 employees or more to have a whistleblower channel. Moreover, starting 1 December, this will also be mandatory for companies with between 50 and 250 employees, as well as municipalities with less than 10,000 inhabitants. Yes, that’s right, there’s only one week to go. So if you are not aware of what’s going on, read this article that may be of interest to you.


Objectives of the new whistleblower channel law

To guarantee the proper protection of those who decide to step forward and report illegal or infringing actions within organisations, whether they be private companies or public organisations. And to ensure that they will not be subject to any type of retaliation such as: dismissals, not being promoted or being demoted, among others.

It also includes a number of specific support measures for whistleblowers, such as: comprehensive and free advice, financial backing and psychological support.

This objective seeks to promote internal reporting through whistleblowing channels, helping to prevent the commission of crimes or offences within organisations and promote an ethical culture.

But what can be reported? Any action or omission that may constitute an infringement of EU Law (those included in the annex to the Whistleblowing Directive, those that affect the financial interests of the EU and those that affect the internal market), in addition to actions or omissions that may constitute a serious or very serious criminal or administrative offence.

Who does the whistleblower channel law protect?

The whistleblower channel law protects any whistleblower who works in the private or public sector and who has obtained information about offences in a work or professional context.

These whistleblowers may be civil servants, employees, freelancers, shareholders or executives, volunteers, trainees, or employees who are in training periods or going through a selection process.

The law can also be applied retroactively. In other words, it will also protect those who report offences within the framework of an employment or statutory relationship that has already ended.


Which entities are required to have a whistleblower channel?

Companies with 50 employees or more.

Enterprises of any size that operate in: the financial market, environmental protection or transport security.

Companies with a turnover equal to or greater than 10 million euros.

Public administrations and entities (both of the State and Autonomous Regions and the local administration) and constitutional bodies. Public universities and public law corporations.

Political parties, unions, employers and foundations.


Ultimately, the whistleblowing channel law transforms this tool into a fundamental element for combating and preventing offences and crimes in organisations.

If you have a company, do not wait for the deadline for implementing the whistleblower channel to pass and avoid sanctions. At Bacaria Legal we can advise you. Call us now!