Audit of safety of information systems -Reglamento General data protection
- Is an application that enables the organization to keep a record of activities of processing of personal data as well as to facilitate the implementation of the rest of obligations of the General regulation of data protection (RGPD) and Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD), including the realization of risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This is based on a series of questionnaires carefully made that each Responsible for Treatment of personal data must be completed on treatments under its responsibility.
- Target audience:
- Any Public Administration
- Agencies Responsible:
- Labour ministry, migrations and Social security
- Branch of work, migrations and Social security
- S.G. Technologies of the information and communications
- Installable product
- Type of Solution:
- Status of the Solution:
- Organic Area:
- Technical Area:
- Standardisation and regulation
- Subtype of data model:
- Information structure (semantic Standard)
- Functional Area:
- Government and the public Sector
- This License for AAPP
- Interoperability level:
- Programming language:
- Operating system:
The goal is to implement the Regulation (HAT) 2016/679 OF THE EUROPEAN PARLIAMENT AND of the board of 27 April 2016 on the protection of individuals with regard to the treatment of personal data and on the free movement of such data and to the Organic Law 3/2018, 5 December, of protection of personal data and guarantee of digital rights (LOPD-GDD).
ASSI-RGPD is an application that allows each responsible for processing of personal data the following activities, for each of the treatments of personal data (TDP) of which is responsible:
- Provide the necessary information of each TDP to be included in the register of treatment activities required by the General regulation of data protection (RGPD) and in the inventory of LOPD-GDD treatments.
- Perform risk analysis of treatment for the rights and freedoms of individuals, and, in its case, the impact assessment of processing operations in the protection of personal data. This will determine the security package of National security Scheme (NHIS), measures ENS Type I or measures ENS Type (II, which intends to apply to securizar the processing of personal data and, in its case, the notice to the maintainer of treatment to perform the impact assessment Widespread for certain treatments of personal data, as established by the AEPD in https :// www.aepd.es/media/criteria/listas-dpia-es-35-4.pdf .
- Verify compliance with the rest of regulatory aspects of RGPD and LOPD-GDD.
Estas actividades se realizan cumplimentando una serie de cuestionarios por parte de los responsables de TDP para cada uno de los TDPs bajo su responsabilidad.
It presents a series of reports, documents, etc, with the aim of helping in the fulfilment of the obligations that sets the RGPD and LOPD-GDD.
News26 November 2019
New version of ASSI-RGPD Unshade accordion
In this new version provides the following improvements/features/…..:
- Adaptación al contenido de la LOPD-GDD publicada en Diciembre del año pasado (menores, infracciones administrativas y penales, fallecidos, recomendaciones a los Responsables de Tratamiento, encargados de tratamiento, consentimiento,…)
- Improvements in the content contained/removable ASSI-RGPD:
Institutional - email unity for not publish emails Responsible professionals treatment).
- Generation and export of registration of treatment activities (RAT).
- Best wording of some texts that appear in the tab Risk analysis and impact assessment (for example: instead of DO the treatment involves making a video surveillance on a large scale? will appear Is there a systematic observation on a large scale of an area of public access (for example: CCTV with automatic detection and recognition of the identity of the people in a public square)?
- Extension of the size of text of several fields for the person responsible for processing can properly document (Name of treatment and necessity and proportionality of operations).
- Improvement of aid that offers the application (content that goes to the RAT, explanation of the process of calculation of measures ENS Type I and measures ENS Type II, what information required to sign the pdf containing for a treatment of personal data all the information entered in ASSI-RGPD, etc).
- New version of the drafts of clauses informative.
- Improvements in the generation and extraction of reports (report of treatments, registration of activities of treatments, Report, qualitative and Quantitative Report).
- Histórico de eliminaciones y recuperaciones justificadas de tratamientos de datos personales (TDP) junto con la identificación de quiénes lo hicieron y cuándo lo hicieron.
- From administration management of the implementation of the structure and contents of the library of Responsible aid TDP (files doc with forms, rights of stakeholders, recommendations for the recruitment of responsible for treatment, regulations, etc).
- Mejoras en el formato del contenido del pdf que se genera.
- Generación de un aviso al Responsable de Tratamiento para que, en su caso, realice una Evaluación de Impacto Extendida relativa a ciertos tratamientos atendiendo a lo establecido por la AEPD en https :// www.aepd.es/press/2019-07-09.html
- Updating the User Manual.
Has been uploaded to the both PAE version 2.1.0 as the upgrade from the previous version (1.1.16) to version 2.1.0