SlideShare a Scribd company logo

Data protection process information

Download as PPT, PDF
Y
yourlegalconsultants

PROCESS OF IMPLEMENTATION OF PERSONAL DATA PROTECTION

Technology
1 of 16
www.yourlegalconsultants.com [email_address] Data protection and security Process information
IMPLEMENTATION PROCEDURE: KEY ISSUES Free information 1. CONCEPT OF PERSONAL DATA PROTECTION 2. ANALYSIS AND DETECTION OF PERSONAL DATA PROCESSING 3. IDENTIFICATION OF THE RESPONSIBILITIES OF THE DIFFERENT DEPARTMENTS 4. CLASSIFICATION OF FILES 5. CREATION OF AN INTERNAL COMPANY POLICY 6. IDENTIFICATION OF THE PROCESSING OF PERSONAL DATA BY THIRD PARTIES 7. IDENTIFICATION OF THE NEED TO TRANSFER DATA BETWEEN COMPANIES 8. SECURITY DOCUMENT, NOTIFICATION, FILE REGISTERS AND CERTIFICATION OF CORRECT IMPLEMENTATION DOCUMENTS FOR THE IMPLEMENTATION OF DATA PROTECTION Payment required 9. PROCEDURE DOCUMENTS 10. COMPLEMENTARY AND IT GOVERNMENT DOCUMENTS 11. SECURITY AND AUDIT DOCUMENTS www.yourlegalconsultants.com [email_address]
PERSONAL DATA PROTECTION Free information www.yourlegalconsultants.com [email_address]
1. CONCEPT OF PERSONAL DATA PROTECTION Concept The protection of personal data is governed by Organic Law 15/1999, of 13 December, on the protection of personal data, and its regulations . Personal data is all numeric, alphabetical, graphic, photographic, acoustic or any other type of information concerning identified or identifiable natural persons It is classified into three levels : Basic Medium High We must make a special mention of personal data in relation to health: Information on the present, past and future physical or mental health of an individual. In particular, information referring to a person's percentage of disability or genetic information is considered health data . www.yourlegalconsultants.com [email_address]
2. ANALYSIS AND DETECTION OF PERSONAL DATA PROCESSING The processing of personal data may be conducted internally or outsourced : A. Internal processing Examples: 1. Marketing- Mailing of sales information, etc. 2. Human Resources – Receipt of CVs, the carrying out of psychological assessments, etc. 3. Quality – Processes associated with personal data 4. Legal – Contracts, debts, audits, etc. B. Processing of data by third companies 1. Accounting firms 2. Lawyers It is important to bear in mind that the security manager should give clear instructions to subcontracted companies with regard to security measures . www.yourlegalconsultants.com [email_address]
3. IDENTIFICATION OF THE RESPONSIBILITIES OF THE DIFFERENT DEPARTMENTS It is important that each department is aware of its responsibility with regard to the protection of personal data: A. Each type of data to be processed requires the adaptation of instructions to each department in the company Examples: 1. Marketing- Was the data subject’s consent obtained for sending sales information? 2. Human Resources – Is the information that is received for job applications used only for this purpose? 3. Quality – Can the information associated with processes be simplified so that it can be classified as basic level data? 4. Legal – In what cases is it necessary to obtain the data subject's consent? B. What are the advantages of appointing a personal data coordinator in each department? 1. Supervise interaction with other departments 2. Approval of processes to avoid complaints It is important to centralise information in accordance with the instructions of the systems manager . www.yourlegalconsultants.com [email_address]
4. CLASSIFICATION OF FILES Personal data is protected through the use of security measures appropriate to the nature of the data (basic, medium, high) If the three types of data are stored in the same file, high level data security measures apply It is advisable to classify files on the basis of the nature of the data contained therein in order to provide the appropriate security measures The systems or security manager plays a vital role in this classification Nevertheless, it is important that the different databases or files that might be organised separately are unidentifiable It is important to know when the systems can be designed according to these criteria or, alternatively, the files can be classified according to their applicability. For example: (contacts in internal information systems, psychological assessments, etc.) www.yourlegalconsultants.com [email_address]
5. CREATION OF AN INTERNAL COMPANY POLICY A very effective tool for ensuring that company policy with regard to personal data is known and observed by all employees is to include several clauses in the policy to prevent possible data leakage, just to mention an example . Company policy is an internal document that sets out codes of conduct and aims to prevent conduct that could lead to the dismissal of employees . It is a very effective tool for the Human Resources Department when it comes to defining possible offences. For the IT Department, it is a tool that prevents misuse of internal and external communication systems. For the Legal Department, internal company policy is useful for the prevention of intellectual property offences . When defining company policy, it is important to enlist the cooperation of the company’s senior management and, when applicable, company associates . www.yourlegalconsultants.com [email_address]
6. IDENTIFICATION OF THE PROCESSING OF DATA BY THIRD PARTIES It is necessary to draw a distinction between the communication and disclosure of data The communication of data does not entail the processing of personal data by third parties, but it does involve the use of the data to perform specific functions. (The development of a Web project, etc.) The disclosure of data, however, involves the processing of personal data for the development of services (the carrying out of promotional campaigns by third parties, the payment of wages by third parties, etc.) When services that are outsourced to third parties require the communication of data, when the project has been completed, the data should be returned or destroyed, and this obligation should be set out in writing. When services that are outsourced require the processing of data, the security manager should take account of a number of instructions that ensure the security of the data, and which should be conveyed to the persons concerned. It is important to sign the appropriate documents for each situation. www.yourlegalconsultants.com [email_address]
7. IDENTIFICATION OF THE NEED TO TRANSFER DATA BETWEEN COMPANIES There are two different situations, but with the same objective : A. There is a group of companies that will probably share data B. There is a transfer of data to another company with which the company has a business collaboration relationship. In both cases, the data is transferred, but the scope of the transfer requires that this be organised in different ways and the security manager has various alternatives available. It is important to define the situations before signing the documents governing the transfer of data between companies . www.yourlegalconsultants.com [email_address]
8.SECURITY DOCUMENT, NOTIFICATION, REGISTERS AND CERTIFICATION The security document sets out the appropriate security measures and indicates the security level (basic, medium, high) of files that have already been registered in the Data Protection Agency or Competent Supervisory Authority register . Any changes to a file registered in the Register must be communicated to the Data Protection Agency register . It is advisable to design information systems in accordance with criteria that guarantees the nature of the personal data processed, ensuring the quality, safekeeping and availability of the data . The information systems manager or information services manager should make every effort to ensure implementation of the proposed security measures and inform the security manager accordingly . Nevertheless, it is vital to adequately segregate information systems on the basis of the nature of the personal data to be processed . It is important to certify information systems if substantial changes are made that affect the security thereof. In this way, we can be sure that information systems are properly supervised and that the security document is current and up-to-date . www.yourlegalconsultants.com [email_address]
DOCUMENTS FOR THE MANAGEMENT OF PERSONAL DATA Payment required www.yourlegalconsultants.com [email_address]
9. PROCEDURE DOCUMENTS ,[object Object],[object Object],www.yourlegalconsultants.com [email_address] ,[object Object],[object Object]
10. COMPLEMENTARY AND IT GOVERNMENT DOCUMENTS ,[object Object],[object Object],www.yourlegalconsultants.com [email_address] ,[object Object],[object Object]
11. SECURITY AND AUDIT DOCUMENTS ,[object Object],[object Object],www.yourlegalconsultants.com [email_address] ,[object Object],[object Object],[object Object],[object Object]
Thank you for your interest [email_address] For personal queries, please contact: www.yourlegalconsultants.com [email_address]

Recommended

Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process InformationCristina Villavicencio
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Responsible for information
Responsible for informationResponsible for information
Responsible for informationDunton Environmental
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 

Recommended

Data Protection: Process Information
Data Protection: Process InformationData Protection: Process Information
Data Protection: Process InformationCristina Villavicencio
 
The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law The Summary Guide to Compliance with the Kenya Data Protection Law
The Summary Guide to Compliance with the Kenya Data Protection Law Owako Rodah
 
Urgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiUrgensi RUU Perlindungan Data Pribadi
Urgensi RUU Perlindungan Data PribadiEryk Budi Pratama
 
The Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarThe Rise of Data Ethics and Security - AIDI Webinar
The Rise of Data Ethics and Security - AIDI WebinarEryk Budi Pratama
 
Solutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionSolutions for privacy, disclosure and encryption
Solutions for privacy, disclosure and encryptionTrend Micro
 
Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...Law firm information security overview focus on encryption by dave cunningh...
Law firm information security overview focus on encryption by dave cunningh...David Cunningham
 
Responsible for information
Responsible for informationResponsible for information
Responsible for informationDunton Environmental
 
The Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving ComplianceThe Role of Password Management in Achieving Compliance
The Role of Password Management in Achieving CompliancePortalGuard
 
BRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBBRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBMargaret (Peggy) Daley
 
Using an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPRUsing an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPRReynold Leming
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to ActCathy Gilmartin
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Happiest Minds Technologies
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)Craig Mullins
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the CloudIESL - The Institution of Engineers, Sri Lanka
 
Information Asset Registers: A Short Guide
Information Asset Registers: A Short GuideInformation Asset Registers: A Short Guide
Information Asset Registers: A Short GuideJanet Brimson
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & SecurityEryk Budi Pratama
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Exove
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 
Data Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewData Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewDVV Solutions Third Party Risk Management
 
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2ShubhraGoyal4
 

More Related Content

What's hot

Using an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPRUsing an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPRReynold Leming
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Happiest Minds Technologies
 
Data protection act
Data protection act Data protection act
Data protection act Iqbal Bocus
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role HackerOne
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacySolix Technologies, Inc
 
The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)Craig Mullins
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copySandra (Sandy) Dunn
 
Information Asset Registers: A Short Guide
Information Asset Registers: A Short GuideInformation Asset Registers: A Short Guide
Information Asset Registers: A Short GuideJanet Brimson
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementEryk Budi Pratama
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykEryk Budi Pratama
 
Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the ChaosJohn Hansen
 
Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Exove
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Jan Carroza
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA ComplianceRaffa Learning Community
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...- Mark - Fullbright
 

What's hot (20)

BRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEBBRG_TAP_IG_20150826_WEB
BRG_TAP_IG_20150826_WEB
 
Using an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPRUsing an Information Asset Register for the GDPR
Using an Information Asset Register for the GDPR
 
GDPR: Time to Act
GDPR: Time to ActGDPR: Time to Act
GDPR: Time to Act
 
Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)Complete Guide to General Data Protection Regulation (GDPR)
Complete Guide to General Data Protection Regulation (GDPR)
 
Data protection act
Data protection act Data protection act
Data protection act
 
Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role Everything you Need to Know about The Data Protection Officer Role
Everything you Need to Know about The Data Protection Officer Role
 
Eight principles of consumer data privacy
Eight principles of consumer data privacyEight principles of consumer data privacy
Eight principles of consumer data privacy
 
The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)The impact of regulatory compliance on DBA(latest)
The impact of regulatory compliance on DBA(latest)
 
Data goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copyData goverance two_8.2.18 - copy
Data goverance two_8.2.18 - copy
 
Data Sovereignty and the Cloud
Data Sovereignty and the CloudData Sovereignty and the Cloud
Data Sovereignty and the Cloud
 
Information Asset Registers: A Short Guide
Information Asset Registers: A Short GuideInformation Asset Registers: A Short Guide
Information Asset Registers: A Short Guide
 
Data Privacy & Security
Data Privacy & SecurityData Privacy & Security
Data Privacy & Security
 
Common Practice in Data Privacy Program Management
Common Practice in Data Privacy Program ManagementCommon Practice in Data Privacy Program Management
Common Practice in Data Privacy Program Management
 
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_ErykData Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
Data Protection Indonesia: Basic Regulation and Technical Aspects_Eryk
 
Governing the Chaos
Governing the ChaosGoverning the Chaos
Governing the Chaos
 
Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)Developer view on new EU privacy legislation (GDPR)
Developer view on new EU privacy legislation (GDPR)
 
Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...Personally Identifiable Information – FTC: Identity theft is the most common ...
Personally Identifiable Information – FTC: Identity theft is the most common ...
 
2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance2017-01-24 Introduction of PCI and HIPAA Compliance
2017-01-24 Introduction of PCI and HIPAA Compliance
 
Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...Introduction to Data Security Breach Preparedness with Model Data Security Br...
Introduction to Data Security Breach Preparedness with Model Data Security Br...
 
Data Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service OverviewData Protection & GDPR Health Check Service Overview
Data Protection & GDPR Health Check Service Overview
 

Similar to Data protection process information

Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessSirius
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxrtodd599
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessSirius
 
Information security
Information securityInformation security
Information securitySanjay Tiwari
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfEnov8
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemIlonaThornburg83
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxSteveNgigi2
 
1 3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docx1 3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docxoswald1horne84988
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentBill Lisse
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001Owako Rodah
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Qualsys Ltd
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix LLC
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009asundaram1
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfCIOWomenMagazine
 
Boosting Cybersecurity with Data Governance (peer reviewed)
Boosting Cybersecurity with Data Governance (peer reviewed)Boosting Cybersecurity with Data Governance (peer reviewed)
Boosting Cybersecurity with Data Governance (peer reviewed)Guy Pearce
 

Similar to Data protection process information (20)

Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to SuccessAddressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
Addressing the EU GDPR & New York Cybersecurity Requirements: 3 Keys to Success
 
Unit 5 v2
Unit 5 v2Unit 5 v2
Unit 5 v2
 
Index data protection
Index data protectionIndex data protection
Index data protection
 
Index data protection
Index data protectionIndex data protection
Index data protection
 
Sample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docxSample Data Security PoliciesThis document provides three ex.docx
Sample Data Security PoliciesThis document provides three ex.docx
 
Data security and privacy
Data security and privacyData security and privacy
Data security and privacy
 
Keep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR SuccessKeep Calm and Comply: 3 Keys to GDPR Success
Keep Calm and Comply: 3 Keys to GDPR Success
 
Information security
Information securityInformation security
Information security
 
Article - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdfArticle - 10 best data compliance practices .pdf
Article - 10 best data compliance practices .pdf
 
Data Security
Data SecurityData Security
Data Security
 
Module 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancemModule 02 Performance Risk-based Analytics With all the advancem
Module 02 Performance Risk-based Analytics With all the advancem
 
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docxDATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
DATA PROTECTION IMPACT ASSESSMENT TEMPLATE (ODPC).docx
 
1 3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docx1 3Financial Service Security EngagementLearning Team .docx
1 3Financial Service Security EngagementLearning Team .docx
 
ISSA Data Retention Policy Development
ISSA Data Retention Policy DevelopmentISSA Data Retention Policy Development
ISSA Data Retention Policy Development
 
General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001General Data Protection Regulation (GDPR) and ISO 27001
General Data Protection Regulation (GDPR) and ISO 27001
 
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
Preparing for GDPR: General Data Protection Regulation - Stakeholder Presenta...
 
Opteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdfOpteamix_whitepaper_Data Masking Strategy.pdf
Opteamix_whitepaper_Data Masking Strategy.pdf
 
2009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-20092009 iapp-the corpprivacydeptmar13-2009
2009 iapp-the corpprivacydeptmar13-2009
 
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdfData Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
Data Privacy Compliance Navigating the Evolving Regulatory Landscape.pdf
 
Boosting Cybersecurity with Data Governance (peer reviewed)
Boosting Cybersecurity with Data Governance (peer reviewed)Boosting Cybersecurity with Data Governance (peer reviewed)
Boosting Cybersecurity with Data Governance (peer reviewed)
 

More from yourlegalconsultants

Criminal respnsibility: recommendations
Criminal respnsibility: recommendationsCriminal respnsibility: recommendations
Criminal respnsibility: recommendationsyourlegalconsultants
 
Company responsibility: Digital Evidence
Company responsibility: Digital EvidenceCompany responsibility: Digital Evidence
Company responsibility: Digital Evidenceyourlegalconsultants
 
Technology Transfer General Concepts. Part II
Technology Transfer General Concepts. Part IITechnology Transfer General Concepts. Part II
Technology Transfer General Concepts. Part IIyourlegalconsultants
 
Internet. electronic invoicement. legal requirements
Internet. electronic invoicement. legal requirementsInternet. electronic invoicement. legal requirements
Internet. electronic invoicement. legal requirementsyourlegalconsultants
 

More from yourlegalconsultants (9)

Social Networks
Social NetworksSocial Networks
Social Networks
 
Criminal respnsibility: recommendations
Criminal respnsibility: recommendationsCriminal respnsibility: recommendations
Criminal respnsibility: recommendations
 
Social Networks
Social NetworksSocial Networks
Social Networks
 
Digital evidence
Digital evidenceDigital evidence
Digital evidence
 
Company responsibility: Digital Evidence
Company responsibility: Digital EvidenceCompany responsibility: Digital Evidence
Company responsibility: Digital Evidence
 
Technology Transfer General Concepts. Part II
Technology Transfer General Concepts. Part IITechnology Transfer General Concepts. Part II
Technology Transfer General Concepts. Part II
 
Internet. electronic invoicement. legal requirements
Internet. electronic invoicement. legal requirementsInternet. electronic invoicement. legal requirements
Internet. electronic invoicement. legal requirements
 
Digital content creations
Digital content creationsDigital content creations
Digital content creations
 
Security document index
Security document indexSecurity document index
Security document index
 

Recently uploaded

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024BookNet Canada
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsAndrey Dotsenko
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksSoftradix Technologies
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...Fwdays
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024BookNet Canada
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024Scott Keck-Warren
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Wonjun Hwang
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfjimielynbastida
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsPrecisely
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationSafe Software
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGMarianaLemus7
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr LapshynFwdays
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Patryk Bandurski
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraDeakin University
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphNeo4j
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfngoud9212
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):comworks
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsRizwan Syed
 

Recently uploaded (20)

Pigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food ManufacturingPigging Solutions in Pet Food Manufacturing
Pigging Solutions in Pet Food Manufacturing
 
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
New from BookNet Canada for 2024: BNC BiblioShare - Tech Forum 2024
 
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmaticsKotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
Kotlin Multiplatform & Compose Multiplatform - Starter kit for pragmatics
 
Benefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other FrameworksBenefits Of Flutter Compared To Other Frameworks
Benefits Of Flutter Compared To Other Frameworks
 
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks..."LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
"LLMs for Python Engineers: Advanced Data Analysis and Semantic Kernel",Oleks...
 
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
#StandardsGoals for 2024: What’s new for BISAC - Tech Forum 2024
 
SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024SQL Database Design For Developers at php[tek] 2024
SQL Database Design For Developers at php[tek] 2024
 
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
Bun (KitWorks Team Study 노별마루 발표 2024.4.22)
 
Science&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdfScience&tech:THE INFORMATION AGE STS.pdf
Science&tech:THE INFORMATION AGE STS.pdf
 
Unlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power SystemsUnlocking the Potential of the Cloud for IBM Power Systems
Unlocking the Potential of the Cloud for IBM Power Systems
 
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry InnovationBeyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
Beyond Boundaries: Leveraging No-Code Solutions for Industry Innovation
 
APIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDGAPIForce Zurich 5 April Automation LPDG
APIForce Zurich 5 April Automation LPDG
 
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
"Federated learning: out of reach no matter how close",Oleksandr Lapshyn
 
DMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special EditionDMCC Future of Trade Web3 - Special Edition
DMCC Future of Trade Web3 - Special Edition
 
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
Integration and Automation in Practice: CI/CD in Mule Integration and Automat...
 
Artificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning eraArtificial intelligence in the post-deep learning era
Artificial intelligence in the post-deep learning era
 
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge GraphSIEMENS: RAPUNZEL – A Tale About Knowledge Graph
SIEMENS: RAPUNZEL – A Tale About Knowledge Graph
 
Bluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdfBluetooth Controlled Car with Arduino.pdf
Bluetooth Controlled Car with Arduino.pdf
 
CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):CloudStudio User manual (basic edition):
CloudStudio User manual (basic edition):
 
Scanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL CertsScanning the Internet for External Cloud Exposures via SSL Certs
Scanning the Internet for External Cloud Exposures via SSL Certs
 

Data protection process information

  • 1. www.yourlegalconsultants.com [email_address] Data protection and security Process information
  • 2. IMPLEMENTATION PROCEDURE: KEY ISSUES Free information 1. CONCEPT OF PERSONAL DATA PROTECTION 2. ANALYSIS AND DETECTION OF PERSONAL DATA PROCESSING 3. IDENTIFICATION OF THE RESPONSIBILITIES OF THE DIFFERENT DEPARTMENTS 4. CLASSIFICATION OF FILES 5. CREATION OF AN INTERNAL COMPANY POLICY 6. IDENTIFICATION OF THE PROCESSING OF PERSONAL DATA BY THIRD PARTIES 7. IDENTIFICATION OF THE NEED TO TRANSFER DATA BETWEEN COMPANIES 8. SECURITY DOCUMENT, NOTIFICATION, FILE REGISTERS AND CERTIFICATION OF CORRECT IMPLEMENTATION DOCUMENTS FOR THE IMPLEMENTATION OF DATA PROTECTION Payment required 9. PROCEDURE DOCUMENTS 10. COMPLEMENTARY AND IT GOVERNMENT DOCUMENTS 11. SECURITY AND AUDIT DOCUMENTS www.yourlegalconsultants.com [email_address]
  • 3. PERSONAL DATA PROTECTION Free information www.yourlegalconsultants.com [email_address]
  • 4. 1. CONCEPT OF PERSONAL DATA PROTECTION Concept The protection of personal data is governed by Organic Law 15/1999, of 13 December, on the protection of personal data, and its regulations . Personal data is all numeric, alphabetical, graphic, photographic, acoustic or any other type of information concerning identified or identifiable natural persons It is classified into three levels : Basic Medium High We must make a special mention of personal data in relation to health: Information on the present, past and future physical or mental health of an individual. In particular, information referring to a person's percentage of disability or genetic information is considered health data . www.yourlegalconsultants.com [email_address]
  • 5. 2. ANALYSIS AND DETECTION OF PERSONAL DATA PROCESSING The processing of personal data may be conducted internally or outsourced : A. Internal processing Examples: 1. Marketing- Mailing of sales information, etc. 2. Human Resources – Receipt of CVs, the carrying out of psychological assessments, etc. 3. Quality – Processes associated with personal data 4. Legal – Contracts, debts, audits, etc. B. Processing of data by third companies 1. Accounting firms 2. Lawyers It is important to bear in mind that the security manager should give clear instructions to subcontracted companies with regard to security measures . www.yourlegalconsultants.com [email_address]
  • 6. 3. IDENTIFICATION OF THE RESPONSIBILITIES OF THE DIFFERENT DEPARTMENTS It is important that each department is aware of its responsibility with regard to the protection of personal data: A. Each type of data to be processed requires the adaptation of instructions to each department in the company Examples: 1. Marketing- Was the data subject’s consent obtained for sending sales information? 2. Human Resources – Is the information that is received for job applications used only for this purpose? 3. Quality – Can the information associated with processes be simplified so that it can be classified as basic level data? 4. Legal – In what cases is it necessary to obtain the data subject's consent? B. What are the advantages of appointing a personal data coordinator in each department? 1. Supervise interaction with other departments 2. Approval of processes to avoid complaints It is important to centralise information in accordance with the instructions of the systems manager . www.yourlegalconsultants.com [email_address]
  • 7. 4. CLASSIFICATION OF FILES Personal data is protected through the use of security measures appropriate to the nature of the data (basic, medium, high) If the three types of data are stored in the same file, high level data security measures apply It is advisable to classify files on the basis of the nature of the data contained therein in order to provide the appropriate security measures The systems or security manager plays a vital role in this classification Nevertheless, it is important that the different databases or files that might be organised separately are unidentifiable It is important to know when the systems can be designed according to these criteria or, alternatively, the files can be classified according to their applicability. For example: (contacts in internal information systems, psychological assessments, etc.) www.yourlegalconsultants.com [email_address]
  • 8. 5. CREATION OF AN INTERNAL COMPANY POLICY A very effective tool for ensuring that company policy with regard to personal data is known and observed by all employees is to include several clauses in the policy to prevent possible data leakage, just to mention an example . Company policy is an internal document that sets out codes of conduct and aims to prevent conduct that could lead to the dismissal of employees . It is a very effective tool for the Human Resources Department when it comes to defining possible offences. For the IT Department, it is a tool that prevents misuse of internal and external communication systems. For the Legal Department, internal company policy is useful for the prevention of intellectual property offences . When defining company policy, it is important to enlist the cooperation of the company’s senior management and, when applicable, company associates . www.yourlegalconsultants.com [email_address]
  • 9. 6. IDENTIFICATION OF THE PROCESSING OF DATA BY THIRD PARTIES It is necessary to draw a distinction between the communication and disclosure of data The communication of data does not entail the processing of personal data by third parties, but it does involve the use of the data to perform specific functions. (The development of a Web project, etc.) The disclosure of data, however, involves the processing of personal data for the development of services (the carrying out of promotional campaigns by third parties, the payment of wages by third parties, etc.) When services that are outsourced to third parties require the communication of data, when the project has been completed, the data should be returned or destroyed, and this obligation should be set out in writing. When services that are outsourced require the processing of data, the security manager should take account of a number of instructions that ensure the security of the data, and which should be conveyed to the persons concerned. It is important to sign the appropriate documents for each situation. www.yourlegalconsultants.com [email_address]
  • 10. 7. IDENTIFICATION OF THE NEED TO TRANSFER DATA BETWEEN COMPANIES There are two different situations, but with the same objective : A. There is a group of companies that will probably share data B. There is a transfer of data to another company with which the company has a business collaboration relationship. In both cases, the data is transferred, but the scope of the transfer requires that this be organised in different ways and the security manager has various alternatives available. It is important to define the situations before signing the documents governing the transfer of data between companies . www.yourlegalconsultants.com [email_address]
  • 11. 8.SECURITY DOCUMENT, NOTIFICATION, REGISTERS AND CERTIFICATION The security document sets out the appropriate security measures and indicates the security level (basic, medium, high) of files that have already been registered in the Data Protection Agency or Competent Supervisory Authority register . Any changes to a file registered in the Register must be communicated to the Data Protection Agency register . It is advisable to design information systems in accordance with criteria that guarantees the nature of the personal data processed, ensuring the quality, safekeeping and availability of the data . The information systems manager or information services manager should make every effort to ensure implementation of the proposed security measures and inform the security manager accordingly . Nevertheless, it is vital to adequately segregate information systems on the basis of the nature of the personal data to be processed . It is important to certify information systems if substantial changes are made that affect the security thereof. In this way, we can be sure that information systems are properly supervised and that the security document is current and up-to-date . www.yourlegalconsultants.com [email_address]
  • 12. DOCUMENTS FOR THE MANAGEMENT OF PERSONAL DATA Payment required www.yourlegalconsultants.com [email_address]
  • 13.
  • 14.
  • 15.
  • 16. Thank you for your interest [email_address] For personal queries, please contact: www.yourlegalconsultants.com [email_address]