On the 25th of May, Regulation (EU) 2016/679 of the European Parliament and of the Council of April 27, 2016 (hereinafter, General Regulation of Data Protection – RGPD), on the protection of natural persons with regard to the processing of personal data and on the free movement of such data, and repealing Directive 95/46/EC, began to be applied.
The RGPD proposes a proactive responsibility management model, based on SELF-REGULATION and incorporating the TRANSPARENCY, COMPLIANCE and ACCOUNTABILITY systems, with the following objectives:
- a) That companies and entities adopt the appropriate regulatory and security measures to minimize risks and ensure compliance with the RGPD.
- b) That companies and entities can demonstrate compliance with the RGPD, generating sufficient traceability of their actions to verify that they effectively comply with the current regulations.
MAIN INNOVATIONS OF THE RGPD FOR COMPANIES AND ENTITIES
- Disappearance of the obligation to register files with the Spanish Agency for Data Protection.
- Obligation to prepare a Record of Data Processing Activities.
- Obligation, in certain cases, to designate a DPD (Delegate for Data Protection) to report on, advise on and verify compliance with the RGPD by companies and entities.
- New approach to the legal bases that legitimize data processing, with the introduction of legitimate interest.
- Deepening of the system and content of the right to information of the person concerned.
- Review of the rights of the person concerned, with the introduction of new rights, such as the right of cancellation and the right to transfer, and an obligation to establish transparent and accessible mechanisms for exercising those rights.
- Impact Evaluations: obligation to carry out a study of the viability and risks for data protection in certain cases.
- Obligation to communicate security failures: depending on the case, the type of security breach, the data placed at risk and the facts that have occurred, they must be communicated to the AEPD and/or to those concerned.
- The need to check whether data processors offer guarantees of compliance with the RGPD, and the obligation to adjust the processing contracts.
- Application of security based on a focus on existing risks to the rights and freedoms of citizens, aimed at determining the technical and organizational security measures to protect the data.
Our firm proposes the following solutions to companies and entities to implement the RGPD and guarantee the security of the information:
- Comprehensive advisory service for the implementation of the General Regulation of Data Protection.
- Assistance service for the internal data protection officer, and advice on their designation and functions.
- Service acting as data protection delegate for companies and entities, and advice on their contracting.
- In-person training service.
- Auditing service and periodic controls of regulatory compliance, risk monitoring and information security.