How architecture and engineering companies can comply with the RGPD in an easy way


Compliance with the General Data Protection Regulation (RGPD)

I believe that by now we can all see that the laws regulating data protection are becoming more and more severe, and now it is our turn, if possible even more so, for all architecture and engineering firms to adapt to the General Data Protection Regulation (RGPD) promoted by the European Union, whose applicable provisions come into force on May 25, 2022.

This regulation means that citizens have more control over their data and that companies and organizations operate on equal terms: a single regulation for all companies operating in the European Union (EU), regardless of where their headquarters are.

The change of regulation is mainly driven by the lack of trust in the old one from the perspective of the digital technology environment; the new regulation aims to promote consumer confidence.

In the following infographic we can see the rights granted to consumers (click on the image to enlarge it):

Who does GDPR affect?

GDPR compliance is not just a matter of ticking a few boxes; the Regulation requires you to be able to demonstrate compliance with its principles on data processing.

It involves adopting a risk-based approach to data protection, ensuring that adequate policies and procedures are in place to address the provisions on transparency, accountability and people's rights, and creating a culture of privacy and security around data in the workplace.

But… who is affected by the GDPR?

  • Companies and organizations based in the EU that collect or process personal data of residents of the EU.
  • Non-EU companies and organizations that monitor the behavior of EU residents or provide data and services to them.

It affects practically all architecture and engineering studios and firms.

The new regulation has a broader scope. The GDPR applies to all EU organizations, whether commercial companies, charities or public authorities, that collect, store or process personal data of people residing in the EU, even if they are not EU citizens.

Organizations based outside the EU that provide goods or services to EU residents, monitor their behavior or process their personal data are also subject to it.

Service providers (data processors) who process data on behalf of an organization also fall within its scope and have specific compliance obligations of their own.

The GDPR infographic

From this portal we wanted to create an infographic to understand the key points and guidelines to take into account in order to carry out a coherent adaptation … How does the GDPR affect your company?:

Key points to comply with data protection

We wanted to review, in a broader format, the key and most important points to consider in each section:

1.- Data protection principles. Personal data must be processed in accordance with the six data protection principles:

  • Processed lawfully, fairly and transparently.
  • Collected only for specific and legitimate purposes.
  • Adequate, relevant and limited to what is necessary.
  • Accurate and kept up to date.
  • Stored only for as long as necessary.
  • Processed with adequate security, integrity and confidentiality.

2.- Management and demonstration of information. We must be able to demonstrate compliance with the GDPR.

3.- Data protection by design and by default. Effective data protection practices and safeguards must be established from the outset and in all processing.

4.- Legal processing. You must identify and document the legal basis for any processing of personal data.

5.- Valid consent. There are stricter rules for obtaining consent.

6.- Privacy rights of people. The rights of individuals are reinforced and expanded in a number of important areas.

7.- Transparency and privacy notices. Organizations and companies must be clear and transparent about how personal data is going to be processed, who is going to process it and why.

8.- Data security and breach reporting. Personal data must be protected against unauthorized processing and against accidental loss, destruction or damage.

How to comply with the Regulations

The Spanish Data Protection Agency provides a series of documents that will make it easier to adapt to the RGPD. The documents and tools of interest are:

  • From the European Union, an infographic in Spanish with summary information HERE.
  • All documents and regulations of interest can be found HERE (there are many; type "RGPD" into the search box).
  • To make adaptation to the RGPD easier for companies and professionals (processors or controllers) who process personal data posing a low risk to the rights and freedoms of individuals, the Spanish Data Protection Agency makes available the tool Facilita_RGPD.
  • A compliance checklist for the Regulation, as a «Check list» tool … HERE.

We have to say that, in our opinion, the Data Protection Agency has fallen short when it comes to offering data and information in an easy way so that it can be implemented on the web portal of our architecture or engineering studio or company.

The main drawback we see is that a series of legal documents must be generated and kept, and information must be implemented on the website according to the activities we carry out, be it marketing, the privacy policy and terms of use, or the collection of data about online users and their activities from a digital perspective. In short, a real headache!

Solution!… We have looked at different platforms to see which one best suits us for adapting the web portal to the demands of the new regulation, and without a doubt we settled on LEXblogger.

Make no mistake! Everyone will charge us, but this time the price-quality ratio is consistent and affordable, and through an internal program of the portal that is very easy to use, we will have all the resources that adapting to the RGPD requires.

If you have a WordPress website, keep reading… please!

You have to do a few things on the web portal to comply with the regulations:

  • Update your privacy and cookie policy.
  • Ask for express consent for everything.
  • Add an SSL certificate.
  • Install a security plugin that alerts you to security breaches.
  • Install an activity log plugin.
  • Install a plugin that makes life easier for the DPO (Data Protection Officer).
  • Don't forget about cookies.

Every web portal's contact, subscription and comment forms should now have two new elements:

  • An explicit checkbox accepting our policies and the transfer of data.
  • A text showing information about how the data will be processed.
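One way to implement those two elements on a WordPress comment form, as an added example that is not code from the article or from any of the plugins it mentions. The hook names are WordPress core APIs; the `gdpr_consent` field name, the text domain and the notice wording are assumptions. The security point is that the browser-side `required` attribute can be bypassed, so consent is also verified on the server before the comment is stored, and the consent is recorded with the comment so it can be demonstrated later:

```php
<?php
/*
 * Explicit RGPD consent for the WordPress comment form.
 * Hypothetical snippet for a theme's functions.php or a small plugin.
 */

// 1) Show the checkbox and the data-processing notice just before the submit button.
//    comment_form_submit_field applies to logged-in and anonymous commenters alike.
add_filter( 'comment_form_submit_field', function ( $submit_field, $args ) {
    $notice = esc_html__(
        'Your name, email and comment are processed only to publish and moderate this comment. See the privacy policy.',
        'my-textdomain' // assumed text domain
    );
    $consent =
        '<p class="comment-form-gdpr-notice">' . $notice . '</p>' .
        '<p class="comment-form-gdpr-consent">' .
        '<input id="gdpr_consent" name="gdpr_consent" type="checkbox" value="1" required /> ' .
        '<label for="gdpr_consent">' .
        esc_html__( 'I have read the privacy policy and consent to the processing of my data.', 'my-textdomain' ) .
        '</label></p>';
    return $consent . $submit_field;
}, 10, 2 );

// 2) Server-side enforcement: reject the submission if the box was not ticked,
//    regardless of what the browser did with the "required" attribute.
add_action( 'pre_comment_on_post', function ( $comment_post_id ) {
    if ( empty( $_POST['gdpr_consent'] ) ) {
        wp_die(
            esc_html__( 'You must accept the privacy policy to post a comment.', 'my-textdomain' ),
            esc_html__( 'Consent required', 'my-textdomain' ),
            array( 'response' => 403, 'back_link' => true )
        );
    }
} );

// 3) Accountability: store the UTC timestamp of the consent as comment meta
//    so the site can demonstrate when consent was given for each comment.
add_action( 'comment_post', function ( $comment_id ) {
    if ( ! empty( $_POST['gdpr_consent'] ) ) {
        add_comment_meta( $comment_id, 'gdpr_consent', current_time( 'mysql', true ), true );
    }
} );
```

The same pattern (checkbox plus notice, server-side check, stored evidence) applies to contact and subscription forms, whatever plugin renders them.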

This new information should look more or less like the following image in the form on our website:

In theory, a new WordPress update will be released before the deadline that will provide this implementation automatically. We are waiting for it!… But for the cautious, we want to leave you 2 WordPress plugins that perform this function:

  • The WP GDPR Compliance plugin HERE. It adds the checkbox plus any text you want.
  • The Advanced Comment Form plugin HERE. Although the previous one alone would be enough, this plugin inserts a text above or below the form and places it more aesthetically.

Another plugin is also needed that records user activity and, if users can register on the portal, lets them cancel their own data. For that there is the GDPR plugin HERE.

Anyway!… You have to arm yourself with patience, and remember that it is less exasperating to adapt to the regulations with LEXblogger.
