– And among all the principles that should govern any data processing, the principle of accountability . The new regulations require that the consent for the processing of Personal Data of the interested party is unequivocal, free and revocable. Adding that it must be given by means of a clear affirmative act, not admitting tacit consent, for each of the purposes of the treatment . In relation to the rights of the interested parties, in addition to collecting a review of the traditional rights of access, rectification, cancellation and opposition, known as ARCO rights, it includes the following rights: Right to limitation of treatment This right implies that, at the request of the interested party, the processing operations that would correspond in each case will not be applied to their personal data. Whenever there are a series of specific circumstances. Right of portability By means of this right, the interested party may request the data controller that their personal data be transmitted directly to another controller. Without the need for them to be previously transmitted to the interested party, as long as it is technically possible. Right to erasure (“the right to be forgotten”) The interested party, in the cases that a series of specific circumstances are met, will obtain, exercising this right, the erasure by the person responsible for the treatment of the personal data that concerns him, without undue delay. New principles for the processing of Personal Data The new regulations also present a series of Burundi Email List new principles for the processing of Personal Data, such as: Those of data protection by default and from the design, involving companies to adopt measures that guarantee compliance with the standard from the moment the company, the product or service or the activity that involves data processing is created. . The principle of transparency that implies that all communications with the interested party (from the legal Web texts to the ways of exercising their rights) must be simple and intelligible, always facilitating their understanding. Finally, the principle of accountability, one of the cornerstones and important novelty with respect to the previous regulations that, due to its importance and effects, deserves a separate mention. What is the DPD or Data Protection Delegate Along with the aforementioned principle, another of the important novelties of the RGPD is the creation of the figure of the Data Protection Delegate (hereinafter, DPD). You must have a general legal knowledge and especially in the matters of Data Protection, Privacy and Security. Since it must exist in certain types of companies, DPD may be internal or external. In any case, the DPO must report to the highest hierarchical level of the company, act independently and cooperate with the control authority, the Spanish Data Protection Agency (AGPD), and cannot be fired in the exercise of their functions. . Companies that on May 25 are not prepared for the new regulations face very important sanctions. Opting for the largest amount, of up to 20 million euros or an amount equivalent to 4% of the total annual worldwide business volume of the previous financial year. GDPR and Digital Marketing The situation can be more disturbing for those companies dedicated to fields such as digital marketing. And that one of your main sources of income is working with data monitoring. The question we must ask ourselves is: can we continue to do business? The answer is yes!. But as long as the entity is capable of adapting to change, following a strategy and a Personal Data management system that is based on the principle of accountability. The principle of accountability This principle implies that an obligation arises for the person responsible for the treatment to apply the appropriate technical / organizational measures in order to guarantee and be able to demonstrate, at any time, that the treatment carried out is in accordance with the standard.
This means that all companies must do an analysis of: 1. What data they process. 2. For what purposes do they do it. 3. And what kind of processing operations do they carry out? Based on these points, they must explicitly determine the way in which they apply the measures that the regulations provide. Ensuring that these are adequate to comply with the legal mandate and to be able to demonstrate it, at any time, both to the interested parties, and to the control and supervision authorities. What new developments in the field of Data Protection does the application of the RGPD accountability principle entail? • Register of data processing activities. One of the consequences of this principle is that companies must carry out a record of data processing activities. This replaces the obligation to notify files to the control authority. But it must be determined what is the basis that legitimizes the company for the processing of personal data and the purpose of the treatment. • Select those in charge of the treatment. Another consequence is that the person responsible for the treatment has the obligation to select only those in charge of the treatment that provide sufficient guarantees of regulatory compliance. Adherence to codes of conduct or have the certification of authorized entities, will serve as a means of accrediting compliance with legal obligations. • Designed security measures. A consequence of the principle of accountability will also be the obligation to determine what security measures should eu phone number be applied to the processing of personal data. Always taking into account the state of the art, the costs of application and the nature, scope, context and purposes of the treatment, as well as the risks to the rights and freedoms of natural persons. The regulations speak of the application of the appropriate technical / organizational measures to guarantee a level of security appropriate to the risk, without specifying what type of measures should be applied. Among the measures, it should be noted that the so-called Impact evaluations on privacy should be carried out on those occasions when the data processing involves a high risk for the rights and freedoms of citizens. • Control and communication. The last of the consequences to be highlighted of the aforementioned principle is the obligatory nature of the establishment of forms of control and communication both to those affected and to the control authority of security violations. In any case, for the security violation it must be communicated and solved within a maximum period of 72 hours. As we said in previous lines, we have to understand this legislative change as the opportune moment to make an investment. An investment that will undoubtedly translate into an unprecedented competitive advantage, taking into account that, as all companies start from the same “starting box”, those companies that are best advised and best comply with the principle of accountability. It is time to adapt to the new culture of data and privacy, to generate trust in stakeholders, positioning our brand ahead of competitors.