Exhaustividad del RGPD y estándares de protección del principio de legalidad sancionadora

Resumo

GDPR’s sanctioning scheme is exhaustive, in the comprehensive sense, because it seeks to prevent Member States from introducing differences that would act as national boundaries to the circulation of personal data. This exhaustiveness, which particularly affects the classification of the infringements, prevents at the beginning that national public authorities apply a higher standard of protection of the principle of legality. It examines to what extent, and by what means, this less predictability of the sanctioning regime can be said to contravene Articles 49 Charter of fundamental rights of the European Union and 25.1 of the Spanish Constitution. In this paper we explore which guarantees at the application level could increase this predictability. Finally, it emphasizes that prescription, given that its regulation in the GDPR is not exhaustive, can be disciplined by Member States as an integral part of the material content of the legality principle, which entails a higher level of protection of this principle than that adopted by the ECJ, which considers prescription as a procedural guarantee