I believe that by now we can all understand that the laws regulating data protection are becoming stricter and stricter, and now, more than ever, it is the turn of all architecture and engineering firms to adapt to the General Data Protection Regulation (GDPR) promoted by the European Union, whose applicable regulations come into force on May 25, 2022.
This regulation implies that citizens have more control over their data and that companies and organizations benefit from equal conditions. A single regulation for all companies operating in the European Union (EU), regardless of where they have their headquarters.
The change in regulation is driven mainly by the lack of trust in the old one within the digital technology environment; the new regulation aims to promote consumer confidence.
In the following infographic we can see the rights that are implemented for consumers:
GDPR compliance is not just a matter of checking a few boxes; the Regulation requires you to be able to demonstrate compliance with its principles on data processing.
It involves adopting a risk-based approach to data protection, ensuring that adequate policies and procedures are in place to address provisions on transparency, responsibility and people's rights, as well as creating a culture of privacy and data security in the workplace.
But… Who is affected by the GDPR?
It affects practically all architecture and engineering firms and studios.
The new standard has a broader scope. The GDPR applies to all EU organizations - be they commercial companies, charities or public authorities - that collect, store or process personal data of people residing in the EU, even if they are not EU citizens.
Organizations based outside the EU that provide goods or services to EU residents, monitor their behavior or process their personal data are also subject to it.
Service providers (data processors) who process data on behalf of an organization fall within the scope and will have specific compliance obligations.
On this portal we have created an infographic to explain the key points and guidelines to take into account for a coherent adaptation: How does the GDPR affect your company?
We also wanted to review, in a broader format, the most important points to consider in each corresponding section:
1.- Data protection principles. Personal data must be processed in accordance with the six data protection principles:
2.- Administration and demonstration of the information. We must be able to demonstrate compliance with the GDPR.
3.- Data protection by design and by default. It is necessary to establish effective data protection practices and safeguards from the beginning and in all processing.
4.- Legal processing. You must identify and document the legal basis for any processing of personal data.
5.- Valid consent. There are stricter rules for obtaining consent.
6.- Privacy rights of people. The rights of individuals are reinforced and expanded in a number of important areas.
7.- Transparency and privacy notices. Organizations and companies must be clear and transparent about how personal data is going to be processed, who is going to process it and why.
8.- Data security and infringement reports. Personal data must be protected against unauthorized processing and against accidental loss, destruction or deterioration.
The Spanish Data Protection Agency offers a series of documents that facilitate the task of adapting to the GDPR. The documents and tools of interest are:
We have to say that, in our opinion, the Data Protection Agency has fallen short in offering data and information in a form that is easy to implement in the web portal of our architecture studio or engineering company.
The main drawback we see is that a series of legal documents must be generated and kept, and that information must be published on the website depending on the activities we carry out, be it marketing, privacy policy and conditions of use, or the collection of data about online users and their activities. In short, quite a headache!
Solution!… We have looked at different platforms to see which one best suits us in adapting the web portal to the demands of the new regulation, and without a doubt, we chose LEXblogger.
Make no mistake! Everyone will charge us, but this time the price-quality ratio is consistent and affordable, and through an internal program of the portal that is very easy to use, we will have all the resources that adapting to the GDPR requires.
If you have a website in WordPress, keep reading… Please!
You have to do a few things on the web portal to comply with the regulations:
The contact, subscriber and comment forms of every web portal should now include two new elements:
This new information should be reflected more or less like the following image in the form on our website:
In theory, a new WordPress update will be released before the deadline that will handle this implementation automatically. We are waiting for it!… But for those who are cautious, here are 2 WordPress plugins that perform this function:
Another plugin is also needed to record user activity and to let users delete their own data when the portal allows user registration. For that, there is the GDPR plugin.
Anyway! … You have to arm yourself with patience, and remember that it is less exasperating to adapt to the regulation with LEXblogger.