On May 25, the much-discussed RGPD came into force in Europe. The new regulation affects both websites and blogs that collect personal data from individuals through their contact forms, subscriptions or comments. Since the law came into force, these sites are required to adopt a series of procedures that were not previously necessary. Compliance with the RGPD is mandatory throughout the European Union.
What is the RGPD? How does it affect us and what obligations do I have as a company? Well, in this article, we are going to explain to you why you should use the regulations in your favor. Without further delay, let’s move on to the subject.
WHAT IS RGPD?
The RGPD, that is, the General Data Protection Regulation is a regulation applicable to both large corporations and micro-SMEs that regulates the protection of the privacy of the data of the inhabitants of the European Union. The fundamental objective is to establish in the companies a system that offers security and control of the personal data of the consumers.
AND THE LOPD?
Prior to the RGPD, there was a frame of reference for data protection at the Spanish level: the LOPD, the Organic Law for the Protection of Personal Data, which had been the governing law until then. With the approval of the RGPD, however, new concepts and obligations appear for companies and organisations in the EU. At the national level, the RGPD becomes internal regulation, but to make it easier to apply in each member country, it is expected to be "adapted" to the country; in our case, this translates into a new, updated Organic Law on Data Protection.
IS IT REALLY NECESSARY IN MY COMPANY?
As a company, you capture personal data through contact forms, subscriptions or comments submitted on the website or the blog. In all these cases, you collect the following personal data fields:
- First name
Both of these personal data items collected in your database must be handled under the responsibility of a legal representative of the company. The more control, the better. Beforehand, there must be a clear procedure in which the interested party expresses acceptance of the processing of their personal data in a specific and clear manner. This is why, since the law came into force, we have received so many emails from websites and/or apps that hold our personal data, asking us to clearly authorise the processing of that data.
With the arrival of the RGPD, new obligations appear for administrations, companies and other types of entities. For its correct implementation, we recommend that you do the following:
- Manage the database. Before moving on to the following sections, you must ensure that all the personal data in your database is controlled. By controlled, we mean both its careful handling and its protection.
- Ensure data portability. Every customer has the right to request the transfer of their data from one company to another. Facilitating that mobility provides an effective service that the client recognises as their own.
- Minimise risks. Evaluate the possible impact on people's privacy when processing personal data. To prevent such situations from occurring, it is advisable to establish measures that reduce the risk or, at best, eliminate it. Of course, keep in mind that in the event of an attack, you must notify the security breach within 72 hours of its discovery.
- Ask for express consent. Say goodbye to boxes that are pre-ticked by default in the form; the client must make it clear that they give their express consent. The request must be presented in an intelligible format, in simple language and, above all, clear to the user.
- Implement the role of the data manager. Not every company is required to have one. Where there is one, some of their functions will focus on monitoring compliance with the regulations and informing and advising employees about their obligations under the data protection law.