The General Data Protection Regulation (GDPR) has changed the way in which the treatment and processing of personal data is regulated. It is first important to identify the people who will be responsible for implementing a complete personal data protection program or policy. These individuals, called the Data Controller and Data Processor, are figures who must cover this obligation. According to Emilio Garate, Junior Partner, BC&B, a complete personal data protection program or policy must include: privacy notices; the appointment of a privacy officer or committee; agreements for personal data processing; policies and procedures for the exercising of Access, Rectification, Cancellation and Opposition (ARCO) rights; policies for the protection of personal data; inventories that indicate the type of personal data that is being collected; a data breach and response plan; training programs for management and employees; a list of functions and responsibilities of personnel in charge of data; and a manual that specifies the security measures that will be applied.
Read more