Download our FREE ebook on GDPR compliance. Download Now

All You Need to Know about Spain’s New Trade Secrets Act

All You Need to Know about Spain’s New Trade Secrets Act

Posted byAndrada Coos Posted inCompliance

Earlier this year, the Spanish Senate approved a new Trade Secrets Act (TSA) which came into force on 13 March 2019. The act was a delayed transposition into Spanish law of the EU Directive 2016/943 on Trade Secrets which aims to protect undisclosed know-how and business information against their unlawful acquisition, use and disclosure. Through it, valuable business information is legally recognized as equivalent to intellectual property in the EU.

The Trade Secrets Directive aims to harmonize regulations on the protection of trade secrets across the EU and through it, encourage cross-border business in the field of innovation and transfer of innovative knowledge.

What is a trade secret?

The definition given by the TSA of trade secrets is intentionally very broad so it can be applied to all types of information or know-how, but it must fulfil three basic requirements: it must be secret, have business value and reasonable measures must have been taken to maintain its secrecy.

This means that anything from financial information to blueprints and algorithms can fall within the incidence of the TSA, but that companies failing to protect information that they consider secret will not have recourse to legal action.

Lawful and unlawful acquisition of information

The TSA specifies what is lawful and unlawful when it comes to acquisition, use or disclosure of trade secrets. There are a number of circumstances under which the acquisition of information is considered lawful: when it results from an independent discovery, reverse engineering, the exercise of workers’ rights or any other action conforming to fair commercial practices.

On the other hand acquisition is considered unlawful when trade secrets were obtained without the authorization of the owner. Any unlawful acquisition extends to the information’s use and disclosure. Should trade secrets obtained in a lawful manner be used or disclosed in breach of contractual or other obligations, they would also qualify as infringements of the TSA.

Liability under the TSA

One important thing to keep in mind is that, under the TSA, third parties that acquire, use or disclose trade secrets while being aware or, more notably, should reasonably have been aware, that they acquired the information from a party that uses or discloses it unlawfully are also liable for infringement. This objective liability also extends to companies marketing, producing or offering goods that incorporate trade secrets used unlawfully.

Recourse to action under the TSA

The TSA has made it much easier for companies to seek action against both direct trade secret infringers and third party purchasers of unlawfully acquired information.

In case of infringement, organizations are given several options: they can declare the infringement, request the cessation, prohibition or removal of effects, demand damages or the publication of the judgement. The TSA also includes more specific remedies such as the destruction or delivery to the plaintiff of documents, objects, materials, substances or electronic files containing the trade secret, or the recall of infringing goods.

Companies have three years from the moment they become aware of the person carrying out the infringement to file a legal action before the statute of limitation expires, which is two years longer than prescribed by previous Spanish laws.

The TSA also stipulates that companies filing trade secret actions in an abusive way may be fined up to a third of the amount in dispute. The ruling would also be published which can have dire consequences on a company’s reputation.

In conclusion

The TSA allows companies to protect the information they consider vital to their business and take action when its secrecy is violated. However, they must first take measures to ensure that its secrecy is maintained. In the digital age, this means that trade secrets must be protected with the same diligence accorded to sensitive data falling under the incidence of the GDPR.

Badly protected information, that falls victim to data breaches or leaks due to either outside interference or inside negligence cannot be considered secret anymore. After all, if information is made public, against the wishes of a company, not through a breach of good faith, but a clumsy email or forgotten removable device, it can no longer be reasonably considered a secret.

Explore More on Compliance

Interested in diving deeper into the world of Compliance? Check out these hand-picked resources to expand your knowledge:

PCI DSS Compliance Checklist Global Compliance and DLP: Navigating Regulations and Protecting Data PCI DSS Compliance: All You Need to Know
explainer-c_compliant-industry

Download our free ebook on
GDPR compliance

A comprehensive guide for all businesses on how to ensure GDPR compliance and how Endpoint Protector DLP can help in the process.

Download Now

In this article:

    Latest Posts

    Top Articles

    Best Practices for Source Code Security

    Best Practices for Source Code Security
    How to Control USBs and Removable Devices with Endpoint Protector

    How to Control USBs and Removable Devices with Endpoint Protector
    Keeping Source Code Safe with Data Loss Prevention

    Keeping Source Code Safe with Data Loss Prevention
    Dedicated DLP VS Integrated DLP

    Dedicated DLP VS Integrated DLP
    Top 3 Reasons to Use Endpoint Data Loss Prevention

    Top 3 Reasons to Use Endpoint Data Loss Prevention
    5 Ways Large Enterprises Protect their Data

    5 Ways Large Enterprises Protect their Data
    Gartner DLP: The Story of the Missing Enterprise Magic Quadrant

    Gartner DLP: The Story of the Missing Enterprise Magic Quadrant
    Request Demo
    * Your privacy is important to us. Check out our Privacy Policy for more information.

    Trusted by