www.yourlegalconsultants.com [email_address] Personal data protection ALL THE DOCUMENTS RELATED TO DATA PROTECTION
www.yourlegalconsultants.com [email_address] DOCUMENTS RELATED TO DATA PROTECTION IMPLEMENTATION: 1. KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION 3. RELATED AGREEMENTS 3. SECURITY DOCUMENT 4. COMPLIANCE/AUDIT CERTIFICATE 5. COMPANY INTERNAL POLICY
www.yourlegalconsultants.com [email_address] PERSONAL DATA PROTECTION Index of practical documents and explanation of appendix documents Available in www.yourlegalconsultants.com
www.yourlegalconsultants.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (1/2) This document contains key points that will help you to determine whether data protection has been correctly implemented or to determine what points are necessary to take into account in implementing the provisions of the data protection law. SOME OF THE POINTS INCLUDED IN THIS SPREADSHEET ARE SHOWN IN THE FOLLOWING Is the "company policy" document applicable to all stores and companies? Yes/No Is there a waiver of liability clause with regard to data transfer/disclosure? Yes/No Is there a data processing procedure to be followed by company employees? Yes/No
www.yourlegalconsultants.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (2/2) Is the occupational accident information associated to personal data? Yes/No Are e-mails sent to multiple recipients without the appropriate consent? Yes/No Is there a procedure for the cancellation/rectification/amendment of data? Yes/No Does your company consider that data is disclosed to third party service providers who access the data? Yes/No Has your company been notified of the creation of a video surveillance image file? Yes/No The questions contained in this questionnaire lead to reflection on the level of protection being applied in a company.
www.yourlegalconsultants.com [email_address] 2. DOCS: RELATED AGREEMENTS <ul><li>Agreement documents related to data protection implementation, available at downloads, focus on the following areas: </li></ul><ul><li>Database transfer between companies </li></ul><ul><li>This document is applicable when two companies enter into a collaboration, and therefore share databases. It is necessary to have notified owners of data clearly and precisely that both companies are proprietors of the customer database, making express mention of the names of the companies, or to have obtained the consent of data owners in order for the other company to be able to use their personal data for commercial or promotional purposes, etc. </li></ul><ul><li>B) Outsourcing data processing services </li></ul><ul><li>This document is applicable when a company outsources services to third parties, which will use the personal </li></ul><ul><li>data that is subject to the rendering of service (accountancy firms, etc.) </li></ul>
www.yourlegalconsultants.com [email_address] 3. DOC: SECURITY DOCUMENT (1/4) <ul><li>The security document index, available at downloads, is described in the following: </li></ul><ul><li>INTRODUCTION </li></ul><ul><li>DOCUMENT APPLICATION SCOPE </li></ul><ul><li>High Level. Applied to data files or data processing. </li></ul><ul><li>Intermediate Level. Applied to data files or data processing. </li></ul><ul><li>Basic Level. Applied to data files or data processing. </li></ul><ul><li>B. MEASURES, PROCEDURES, RULES AND STANDARDS GUARANTEEING </li></ul><ul><li>THE SECURITY LEVELS REQUIRED BY THIS DOCUMENT </li></ul><ul><li>Identification and authentication </li></ul><ul><li>Access Control </li></ul><ul><li>Hardware and document log </li></ul><ul><li>File criteria </li></ul><ul><li>Data access through communication networks </li></ul>
www.yourlegalconsultants.com [email_address] 3. DOC: SECURITY DOCUMENT (2/4) Access Control Hardware and document log File criteria Data access through communication networks Regime for work outside premises where files are located Document transfer Temporary files Copy or reproduction Backup copies Security Supervisor C. GENERAL PROCEDURE FOR PERSONNEL NOTIFICATION D. PERSONNEL FUNCTIONS AND OBLIGATIONS General functions and obligations
www.yourlegalconsultants.com [email_address] 3. DOC: SECURITY DOCUMENT (3/4) E. INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURES F. REVIEW PROCEDURES Security document review Audit G. CONSEQUENCES OF NON-COMPLIANCE WITH SECURITY DOCUMENT APPENDIX I. FILE DESCRIPTION APPENDIX II. APPOINTMENTS APPENDIX III. AUTHORISATION FOR DATA OUTPUT OR RECOVERY APPENDIX IV. HARDWARE INVENTORY APPENDIX V. INCIDENT LOG APPENDIX VI. PROCESSING SUPERVISOR APPENDIX VII. HARDWARE SIGN IN AND SIGN OUT LOG
www.yourlegalconsultants.com [email_address] 3. DOC: SECURITY DOCUMENT (4/4) CHECKLIST FOR SECURITY AUDIT 1. Aims 2. Determining the audit scope 3. Planning 3. Data gathering 4. Test evaluation 5. Conclusions and Recommendations
www.yourlegalconsultants.com [email_address] 4. DOC: COMPLIANCE/AUDIT CERTIFICATE This document (compliance/audit certificate) has two different aims: A) It allows an expert in data protection implementation to analyse current data protection compliance for AUDITING B) It allows the expert who has implemented data protection to COMMIT to the result of this implementation .
www.yourlegalconsultants.com [email_address] 5. DOC: COMPANY INTERNAL POLICY This company internal policy document covers the points to be taken into account, from the perspective of security monitoring of the company's internal and external communications systems, and is applicable to the systems department. The document INDEX is included: COMPANY INTERNAL POLICY 1- Data protection 2- Data processing 3- Proprietary information 4- Non-automated data 5- Work place security 6- Security of the Company’s Information Systems
www.yourlegalconsultants.com [email_address] Thank you for your interest [email_address] If you want to buy the documents: www.yourlegalconsultants.com If you want to contract to the expert, please contact:
A particular slide catching your eye?
Clipping is a handy way to collect important slides you want to go back to later.