Adequacy and compliance with the Data Protection Regulation of the European Union.
REQUIREMENTS
ACTIONS
Delegate Data Protection Services
Implementation and updating of data protection protocols according to the new European regulations (RGPD) and the new LOPD 2018.
How does the new regulation on data protection affect my business?
It affects me directly
– The regulations on the protection of personal data affect all companies and self-employed persons, regardless of the size and structure of their business. Compliance is therefore mandatory for any company or business.
I must make sure that I have actively established security mechanisms and protocols that ensure the privacy of the personal data for which I am responsible (customer data, employees, suppliers, etc.), as well as compliance with all the obligations regarding data protection.
The most striking novelties are:
The obligation to register files with the Spanish Data Protection Agency is eliminated. Instead, there is an obligation to document all processing of personal data carried out in my business, which requires creating an internal register that identifies and describes such processing.
Another novelty imposed by the Regulation is the need to conduct, as the starting point for adequate compliance, an analysis of the risks to data privacy that may arise in the normal operation of the business and, depending on the risks observed, to design the corresponding preventive security measures as well as corrective measures. Because the law does not set standardized measures that we must adopt, but instead requires us to create our own “tailor-made suit” with measures that we consider “adequate” for our business, we must ensure that the security measures we adopt are effective.
Greater transparency and fairness are required in the information provided to those affected (customers, workers, etc.) whose personal data are processed. The information given to those affected must be clear, simple and complete.
Retention of the data for the minimum possible time. It establishes the need to inform the interested party about the retention period of the data by a health center.
The figure of the Delegate for Data Protection is established as a mandatory element in certain cases. This figure should ideally be external to the business, due to the legal requirement that it be independent of the business's management. Its purpose is to manage, advise on and verify that the security protocols for data protection are applied correctly in the business.
It also establishes the obligation to perform Impact Assessments (PIA) on the processing of personal data in certain cases (massive data processing or profiling, for example).
Particularly important is the communication or transfer of data to third parties, such as our own providers (for example the IT provider), due to the risk to privacy. Therefore, it is important to establish specific protocols that guarantee the security and strict confidentiality of personal data, both when it is processed within our company and when it is transferred to third-party suppliers for specific processing. It is essential to demand from our suppliers the same degree of regulatory compliance in terms of data protection that we have established for our company.
What can happen in case of not complying with the regulations?
– Be sanctioned by the Control Authority. Compared with the current regulations, fines for non-compliance have been notably tightened and can reach up to 20 million euros or 4% of the offender's annual turnover.
– Having to compensate the affected person directly. It is a novelty with respect to the current LOPD. This will undoubtedly cause the complaints to grow exponentially.
How can Globalpacta help you?
Globalpacta has a department specialized in advising on data protection. First, it will analyse the degree of compliance of the company or business in terms of data protection, as well as the risks encountered. Based on this analysis, it will propose, if necessary, new protocols and security measures to be implemented to ensure strict compliance with the requirements of the new Data Protection Regulation and the new Data Protection Act 2018.
Data Protection Delegate service. Globalpacta offers to cover this figure, in an outsourced manner, when it is mandatory or recommendable for your business according to the new regulations.
Performance of impact evaluations, as well as the management of the detected risks.
Globalpacta, in short, offers you complete advice to fully comply with the regulations on data protection, which, in addition to avoiding harsh penalties, will convey an image of seriousness and good work that will benefit the image of your company or business.