Data Blocking Under Spanish LOPDGDD: Guide

·

Blocking data does not mean moving it into a folder called «archive». Article 32 of the LOPDGDD (Spain's Organic Law on Data Protection and Digital Rights Guarantee) requires organisations to identify and set data aside once it is due for rectification or erasure, preventing any further processing or display except to make it available to judges, courts, the Public Prosecutor's Office or the competent administrations during the periods in which liability may still be claimed. Once those periods have elapsed, the data must be destroyed.

Erasure, retention and blocking

Before designing any procedure, it helps to distinguish the four stages a piece of personal data goes through over its lifecycle:

Not all erased data needs to stay blocked for the same length of time: the period depends on the liabilities that apply in each case.

When blocking applies

Blocking is triggered when a piece of data is rectified or erased, whether at the data subject's request or on the controller's own initiative once the purpose or retention period has ended, in line with the criteria set by the AEPD (Spanish DPA). Common scenarios include:

Before blocking anything, check whether a legal obligation requires the data to stay in active use: you don't block what must legally keep being used.

What blocking allows

While a piece of data remains blocked, it may only be processed to address possible liabilities and to make it available to the competent authorities. Using it for marketing, analytics, operations or «just in case» is off the table. Access to blocked data must always be exceptional, justified and logged.

Retention table

CategoryActive useBasisBlockingDestruction
ContractContractual relationshipContractLiabilitiesEnd of period
InvoiceTax obligationLawLiabilitiesEnd of period
HREmployment relationship/lawContract/lawEmployment/taxEnd of period
MarketingApplicable basisConsent/legitimate interestClaimsEnd of period
IncidentIncident managementObligation/legitimate interestLiabilitiesEnd of period

Periods must be documented both by rule and by specific case: there is no generic table that works as a universal safeguard.

Designing the blocking mechanism

Logical status

The record moves into a blocked status: it sits outside ordinary applications and only an exceptional role can access it.

Separate repository

The data is exported, encrypted, into a restricted file with a hash, a date and metadata, and removed from the production environment.

Secure copy

If the system does not support blocking, or adapting it would require disproportionate effort, Article 32.4 allows for a secure copy to be made with evidence of authenticity, date and non-manipulation. This option must be justified.

Technical requirements

A well-designed blocking procedure requires:

A technical administrator should not be able to access this data as a matter of routine.

Backups

Backups complicate both erasure and blocking. A specific policy must be in place covering:

There is no need to alter a backup copy in a way that compromises its integrity if isolation and a defined lifecycle are in place, but it must be guaranteed that the data does not return to active use.

SaaS systems

The contract with the data processor must allow:

If the provider does not support blocking, an alternative or an equivalent secure procedure must be assessed.

Rectification

When a piece of data is rectified, the previous value should only be kept blocked if it is needed to address liabilities, while the new value remains active. The application must not display both values as current at the same time: traceability must show which value is correct and since when.

Data subject rights

When an erasure request is received, the procedure should follow these steps:

  1. verify the requester's identity;
  2. assess how Article 17 GDPR applies;
  3. identify any existing retention obligations;
  4. stop ordinary use of the data;
  5. block the data where appropriate;
  6. respond to the data subject;
  7. destroy the data once the period has ended.

The response to the data subject can explain the restriction applied without needing to disclose sensitive internal controls.

Exceptional access

Every request from an authority must be validated and logged, recording:

The entire dataset should not be unblocked if handing over part of it is enough.

Retention periods

The blocking period is tied to the limitation period for liabilities arising from the processing and the applicable obligations. When several periods apply at once, the criterion followed must be documented, and any suspension or interruption of the period is handled whenever legally required. The system must never use the label «indefinite».

Destruction

Once the blocking period expires:

Governance

RoleResponsibility
Legal / DPOLegal criteria and oversight
Data ownerDefining category and purpose
ITTechnical implementation
SecurityAccess and integrity
ProviderExecution per instructions
ManagementResources and risk management

Testing

Before signing off on a blocking procedure, it's worth checking that:

Common mistakes

  1. Mistaking blocking for simple archiving.
  2. Continuing to use blocked data for marketing.
  3. Keeping broad administrative access to blocked data.
  4. Applying a single period across all categories.
  5. Not setting a destruction date.
  6. Letting backups reactivate blocked data.
  7. Contracting SaaS systems without blocking capability.
  8. Displaying the old value after a rectification.
  9. Handing over more data than necessary to an authority.
  10. Destroying data without leaving evidence of the process.

Checklist

Frequently asked questions

Is blocking the same as deleting?

No. Blocking means setting the data aside temporarily, without ordinary use, to address possible liabilities.

Can the company still consult blocked data?

Only in the scenarios and for the limited purposes set out in Article 32.

How long does blocking last?

Until the applicable limitation periods end, set according to the data category and the relevant liability.

What if the system doesn't support blocking?

A secure copy can be made under the conditions of Article 32.4, justifying the decision and guaranteeing the data's integrity.

Official sources consulted

At Summum Consultoría we can help build your organisation's retention table and design the blocking procedure together with your IT team and your providers.