Any person whose activity is related or implies the use of personal data should have nowadays:
A basic management system of data protection that includes:
- The adoption of data protection policies;
- The creation of the necessary consents correctly adapted to the type of persons which information is being recollected and the channels that can be used in order to upload it;
- A handbook or guide of internal policies and procedures that contemplate the diverse stages of data, from its recollection, storage, usage, circulation, actualization, and elimination;
- A Manual of security measures both physical and systematized;
- Identification of the risks associated with the different uses of the information and the adoption of control techniques and tools that allow the management of that data;
- Measures related to the transference and transmission of the information that has been recollected as responsible for data treatment, and,
- An adequate process to solve petitions, complaints, and claims that guarantee the effective exercise of the rights of data bearers.
This basic system must conserve its vitality and dynamism through time, how can this be achieved?
Here there are some simple steps in order to fulfill this:
- Designate a Personal Data Protection Officer or a commissioned area.
It is a reality that the resources of every business are scarce or limited and that every business faces multiple challenges in a day to day basis that require full attention, and due to this, a special effort should be made in order to identify and choose someone that is fully qualified to understand and visualize the risks and opportunities that exist in the treatment of personal information.
If a specific area is designated in order to highlight the importance of the topic, a whole new business culture can be created to incorporate data protection. This little message can have a huge impact on permeating the organizational structure of a business and its newly created identity that becomes relevant for the employee, the client and even for the suppliers that can clearly identify who is in charge of driving this area. If these responsibilities are clearly established in the organizational chart its relevance stars becoming organic.
- Summon and connect every area that uses personal information or that is impacted by it as a part of corporative management. This task cannot solely rely upon the hands of an official or a specific area, as mostly all employees are in constant contact with personal information and must make important decisions with that information. Therefore, businesses should generate and promote the development of knowledge regarding the compliance of data protection, in order for them to have correct criteria and contribute to better development of the system that is being implemented.
- The President, General Manager or General Director of the business should know the relevance and importance of data protection, in order to give the topic a place within the business structure and culture that is being generated around it.
We will finish the steps on article part II.
For further informations or other issues around this topic, please contact us.