Compliance in data protection law
We implement compliance models in corporations and public entities to fulfill data protection obligations:
- Conduct a diagnostic audit, including a complete and detailed analysis to establish a baseline on the processing of personal data and its protection, as well as the level of knowledge of and compliance with legal obligations.
- Identify the existing databases and the legal assumptions that enable the processing of personal data. Survey of personal databases within the institution, with classification of the type of data stored, the applicable security measures, the levels of access and confidentiality, and the parties responsible for and in charge of data processing.
- Examine the governance and responsibilities for information management within the institution. Determine the subjects or areas in charge of the legal and IT review of databases and their security.
- Prioritise risks and business decisions. Identify data processing risks and business opportunities.
- Draw up the implementation plan. The implementation plan determines the concrete tasks that must be executed by the organization to satisfy the requirements of a personal data protection compliance model.
- Develop legal documentation, internal protocols and forms. The documentation will guide the future drafting of protocols, privacy policies, contracts and other types of regulations of the institution's activity.
- Identify a data protection officer.
- Train managers and workers.
- Review contracts with suppliers and subcontractors.
- Adopt privacy policies and data protection notices.
- Create a security breach reporting mechanism or procedure.
- Review the implementation of the institution's procedures.
- Test the customer communication channels through which rights holders exercise their rights (hidden customer).