The Spanish data protection (AEPD) has published the List of compliance , a document with which organizations can identify and verify that they are taking into account the requirements established by the General rules on data protection, which will be implemented on 25 may.
The list of current legislation is a basic method that allows you to get an overview on the adequacy of a processing of personal data to RGPD; it is particularly useful for both the processes of analysis of risk and impact assessments. The document shows aspects must be analysed to ensure that data treatments are being under the new rules. In this regard, it is divided in 29 blocks, including those relating to transparency in the information which must be provided to citizens, the exercise of rights by these, the registration of activities, security or international transfers.
The regulation provides that those who seek a data set of measures to comply - and will be able to demonstrate - with the new principles and rights provided for the new rules. Also takes up the processes of analysis of risks must be made objectively, conscious and verifiable by those responsible. In this task of identifying the risks to their subsequent management, must be taken in compliance with the risks associated with the normative framework. This includes the need to maintain documented all processes with the objective of establishing diligence in the discharge. The analysis that could be done in completing this List can be incorporated into the database, and documentary each organization to interpret the result obtained and address possible shortcomings that had been identified.
This material, which constitutes a tool to support implementation, complements the guides Risk analysis and Impact assessment and road map made by the agency for companies and private organizations. For organizations that promote low risk data, the agency already provides Facilitates _ RGPD a questionnaire, free online companies and professionals that may obtain minimum essential documents to help meet with the rules of procedure.
Original source of data: Spanish data protection (AEPD )