The implementation of the LOPD: hard work, ladies and gentlemen. Part I

12/09/2016

Definitely, talking about a 100% implementation in accordance with data protection regulations is by no means an easy task.

If we outsource this service, the task of the adviser should be , in addition to recognizing and solving possible problems that may be found, that of motivating, training, explaining (and in some cases imposing) the personnel, managers and senior positions, the concepts Basic information that will help to implement the security measures aimed at guaranteeing a correct adaptation to the regulations.

Much is said about involvement , but it must not be forgotten that this must be reciprocal, both for the company and its workers, as well as for the adviser himself, since this is the key to good coordination between the two .

It is necessary to achieve the involvement of all the people involved in these processes (administrators, managers, staff and even those in charge of external processing); It is essential to generate and process a large amount of documentation that implies extensive and very specific knowledge on the part of whoever generates it ; It is necessary to gather and be able to conveniently structure a large amount of information that allows to capture the most accurate image possible of the company's relationship with the personal data it handles ... It is an arduous task in many respects, but However, if it is done correctly, the results can be optimal and even be perceived as favorable by the workers themselves.

All this effort translates into changes, often accentuated, in the organization itself, in the way of carrying out the usual tasks, in the awareness of the people that make it up about the importance of paying attention to data management, as well as in the perception of the improvements that the adaptation process can bring about in relation to the quality and efficiency of the work that is usually carried out in the company.

For all these reasons, it does not seem that the appropriate way to address this issue is to adopt the " do it yourself" formula, given that it is very difficult for companies to have someone with the necessary skills and knowledge among their staff, as well as the availability of time required to carry out all the actions involved in carrying out an adaptation process correctly.

This brings us to the figure of the data protection adviser . In addition to the technical, organizational and legal knowledge required by law, the latter must have a great negotiating and persuasive capacity, which allows him to deal effectively with suspicion, the feeling of intrusion, lack of priority or simple lack of interest that the process of adequacy may arise among the staff and those responsible for the company (as well as a dose of patience).

The problem in the adaptation processes to the LOPD could be explained, perhaps, by the confluence of several factors that mean that the data protection adviser is not yet a valued figure, since there is no status for the adviser, a professional association , an approval, an official certification... However, this will change with the recent approval of the European Data Protection Regulation, which as a novelty incorporates the figure of the DPO (Data Protection Officer or, in Spanish, the Data Protection Officer).



Idaira Hernandez Peraza

Director of Consultants Peraza & Asociados, SL



Photo source: Google Images tagged for reuse