In the digital age, accessing internet services is incredibly easy, yet it is subject to a set of laws and regulations that Spanish companies must strictly adhere to. In this context, we’ll primarily delve into the Spanish Organic Law on Data Protection (LOPD) – L.O. 15/1999PD.
Among other provisions, this law governs the management and storage of data, mandating that Spanish companies locate their data files and the servers hosting them within the European Union’s territory. Failure to do so, resulting in data transit outside the EU, is considered an international transfer of data. The law requires the country where the server is physically located to maintain a level of personal data protection equivalent to that outlined in the LOPD.
Spain maintains a list of countries deemed compliant with this level of protection. In the case of these countries, there’s no issue. However, if not, we might be in violation of the law. Surprisingly, the United States is not included in the countries complying with the LOPD, necessitating obtaining prior consent from the affected parties to avoid engaging in illegal data transfers, punishable with fines ranging from €300,000 to €600,000.
After scrutinizing this law and the obligatory compliance regulations, the question arises: Where are my data?
We’ve consulted our internet service provider, our web designer, and our IT professional about the importance of knowing the data’s location. Do we have this information documented and certified to ensure compliance with the law and avoid penalties? Sadly, for many, the answer is not only a resounding NO but also an acknowledgment that no one informed them of these obligations, thus leaving them in ignorance. According to Spanish law, ignorance is no excuse for non-compliance.
How Do I Know Where My Website and Data Are? There are various ways to determine the location of our servers, all based on analyzing the server’s IP address.
Several websites in the market can analyze this data and provide the server’s location with more or less accuracy. However, I prefer the manual analysis, which I will guide you through.
Analyzing the Location:
- Step: Determine the IP of My Server
To find the IP of our server, we will use a simple “ping” command.
Practical example: Let’s find the IP of www.serveisweb.com
From our Windows computer, click on “Start” or the Windows icon, and find the option “Run or search programs.” Type “cmd” and press Enter.
A new window will open, usually with a black background and white letters, displaying the familiar system prompt. There, type:
cmdCopy code
Ping www.serveisweb.com
And press Enter.
The “ping” process begins, but we only need the first result, in this case:
pythonCopy code
Pinging serveisweb.com [81.25.112.17] with 32 bytes of data:
The value in square brackets is the IP of our Server: 81.25.112.17
- Determine the IP Location
Once we have the IP, we must try to identify the country of origin or its location.
For this, we will use the databases of the entities coordinating global IP networks.
Let’s start with RIPE (Réseaux IP Européens), whose goal is to ensure the administrative and technical coordination necessary for the proper functioning of the Internet within the RIPE region (Europe). Europe is the territory where, according to the LOPD, we should locate our data and servers.
To make this query, use the following RIPE website: https://apps.db.ripe.net/search/query.html
Open the page in a browser, enter the IP you want to check, and click on the “Search” button.
If this IP is in the RIPE database, it will inform us of its owner and location. If not, we know that we are violating the LOPD.
You can also perform the query on other IP coordination entities depending on the geographical coverage, as shown in the image above.
My Server Is Not in Europe, What Should I Do? First, consult with your current provider and inform them of this irregularity in complying with the LOPD.
The next step is to search for an Internet service provider with servers physically located in the European Union, preferably in Spanish territory. Quickly contract their services and migrate all your data and the website to the new provider.
Once again, we find a reason to carefully analyze our internet service provider. Cheaper solutions are not always the most suitable. Always rely on professionals, seek advice, and choose the best option, not the cheapest.
Avoid all-inclusive options like Web Package + Hosting Service. Often, these end up with providers outside Spanish territory, leading to violations of laws that can result in penalties.
