Every person, company, or organization (both private and public. That processes personal data must comply with a series of requirements. And implement security measures depending on the type of data they hold (basic, intermiate, or high risk). They must also monitor the data they collect.
At the European level, the Regulation on the protection of personal data was develop and approv by the European Parliament on April 16, 2016. It is immiately applicable to all Member States of the European Union and came fax lists into force in May 2018.
At the national level, we have Organic Law 3/2018, of December 5, on the Protection of Personal Data and the Guarantee of Digital Rights, which repeals the former Organic Law 15/1999, of December 13, on the Protection of Personal Data (LOPD). This regulation had to be adapt to the GDPR.
How to comply with data protection?
Data protection is not a mere formality, as we are scope and methodology of the topic talking about fundamental rights: the right to honor, personal privacy, and one’s own image. These rights are regulat in Article 18 of the Constitution .
Although its configuration initially stemm from the Fundamental Right to honor and personal and family privacy and one’s own image, thanks to regulatory development and the construction of jurisprudence, it has become a fundamental right independent and autonomous from the right to personal and family privacy and one’s own image.
Whether you are a company or an individual processing personal data
- Notification of the files to the Spanish Data Protection Agency (AEPD).
- Drafting of the Security Document reflecting philippines numbers the technical and organizational measures that must be adopt to comply with data protection.
- Drafting of all documents necessary for data protection.
- Facilitate the exercise of ARCO rights (right of access, right of rectification, right of cancellation and right of objection).
- Biennial audit. Companies with mium- or high-level records must conduct an audit every two years. This audit can be internal or external.
A series of data protection services that both companies and self-employ individuals handling personal data should consider.