Annual renewal of data protection
Renew data protection every year
What should I do after implementing the Data Protection Regulation?
What are the benefits of having the services of a data protection consultant every year?
These are the questions that some businesses ask themselves every year when it comes to renewing the services of their data protection consultant and which we will answer below.
Before that, it is necessary to detail the logical steps of an implementation.
How is the Data Protection Regulation implemented?
Any data protection consultant will provide you with a set of documents that, taken together, goes by various names: Dossier, Manual or Data Protection System. Some nostalgically still use the old name, Security Document. Whatever the name, it must include the documents that the RGPD and the LOPD require of you. For example:
- Record of Treatment Activities
- Impact Assessment
- Assessment of the need to designate a DPD/DPO
- Personnel and Assets Inventory with details of authorized accesses.
- Security Policies
- Protocol for Security Breaches
- Clauses and Contracts to be signed by customers, employees, suppliers, etc.
- Distinctive
- Legal texts for Websites
- Etc.
But delivering these documents achieves only partial compliance with the Data Protection Regulation, because there are things that no consultant can do for your company. For example:
- Signing documents (contracts with suppliers, clauses with clients, confidentiality commitments and manuals with employees).
- Including legal texts in quotations, email, web …
- Placing video surveillance or data protection signs in your facilities.
- Applying security measures (backups, passwords, antivirus, etc.).
- Training in these Standards
- Among others.
It is recommended to involve different parts of your team (IT Dept., HR, Admin., etc.) to speed up the implementation.
What you should demand from your data protection consultant is an Implementation Guide detailing each of the actions under his/her responsibility. How concise, practical and operational this Guide is will depend on the consultant’s expertise and experience; a good one will greatly facilitate your work and give you the peace of mind of knowing that everything is in order.
What should I do after implementing data protection?
Not everything ends with the implementation, as there may be events that require different actions in terms of data protection. For example:
- Regulatory changes (the last in December 2018, with the new LOPD-GDD), which imply making changes in your Data Protection Dossier or Manual.
- New Instructions of the AEPD (the last in July 2020, on cookies); in this case they affect the legal texts of your website and change the way cookies are treated on it.
- If you hire the services of a new supplier (this involves drafting new processing manager contracts and updating the register of processing activities, RAT, among others).
- If you hire new employees (this involves training them in data protection, providing them with the documents that affect them according to their position and updating different documentation in your Data Protection Dossier or Manual).
- If you activate a Web or App (this implies drawing up legal texts …), as well as updating the RAT, etc.
- If a new video surveillance system is installed (this implies drawing up badges, since Securitas’ are not enough, informative clauses for employees, etc.), as well as updating the RAT, etc.
What are the benefits of having the services of a data protection consultant every year?
Obviously, if you have a data protection consultant, all the updating work mentioned above will be done by them. Most importantly, through their monitoring work, they will inform you of the deadlines for complying with changes in Regulations or Instructions and identify any of the updating needs mentioned above.
In addition, here are examples of the benefits of having a consultant in the years after the implementation (ask for each of these services in the contract, as not all consultants provide them):
- Assistance before inspections of the AEPD.
- CPR insurance policy that covers penalties to clients derived from the work of your consultant.
- Quality Seal for Websites / Online Stores (renewable annually).
- Security Breach Assistance.
- Periodic Monitoring: Review and update of your Data Protection Dossier.
- Consulting Services: Advice on regulatory developments, development of procedures for action in the event of changes in your organization, doubts, customizations, etc.
- Legal assistance (lawyers appointed on your behalf): Attention to requests, exercise of rights, issuance of reports, etc.
- Annual audits: if an expert verifies that you are doing everything right and issues a report (demand it), this creates responsibility on the part of the person issuing it, which benefits you. In addition, different entities (AAPP, large companies) require this report before you can provide them with services.
- Data protection training for new employees joining your company.
If your current consulting firm offers you all these services, the chances of complying with the RGPD + LOPD-GDD are very high and the chances of incurring a sanction are very low.
Don’t resign yourself and count on real experts
If you want to count on experts with guarantees (Data protection consultancy Valencia / LOPD Valencia), do not hesitate to contact us.