The Spanish data protection agency has published a document summarises the main actions to local governments (AALL) should be put in place before 25 may 2018, when they apply the General regulations on data protection (RGPD). These guidelines, the agency wants to encourage these entities are aware of the practical implications of the new regulations and can take the necessary measures to comply with the provisions set out in the same.
Document The new RGPD and its impact on the activities of local governments 15 points addressed in the main changes to be carried out by these entities to align their activities to the demands of the rules of procedure. In many cases, the effects of RGPD van to the same as for any other responsible or responsible but, in some areas, there are specific local administrations must take into consideration.
The document reflected, inter alia, the need to identify clearly the purposes and the legal basis for the treatments that are carried out; upgrading the information given to those involved when incorporates their data; establish mechanisms visible, accessible and straightforward so that citizens can exercise their rights, as well as procedures to respond to the exercise of rights within such time as the RGPD brand.
It also raises the need for risk analysis of the treatments; establish both a record of activities such as mechanisms to identify quickly the existence of security gaps and to react to them, and to nominate a representative of data protection (DPD). In the latter case, and because the sizes of AALL do not always have a viable DPD integrated into the Agency recalls that possible options is that the county councils provide these services or municipalities the common procurement of this function by several entities.