The implementation of the LOPD: hard work, ladies and gentlemen. Part II
16/09/2016
The other day, sitting on a terrace, a friend asked me what was that about cookies . In an attempt to clarify his doubts, what I achieved was to create more confusion for him:
- But I do not understand. If I have a website and I don't know anything about computing, or programming, or anything, how will I know which cookies are installed, their duration, their manager, their purpose and stuff?
And it is that, if one thing is true, the LOPD (and the LSSICE, in the case of cookies) is not easy to apply .
Diagram example of a person responsible for the standard file in relation to the LOPD
In this post we want to show you some difficulties that we have encountered when carrying out the projects that we implement in companies.
Difficulties in data collection:
- Segmentation of information in departments, external companies...
- Low priority for adaptation by the company
- Processes and functions of personnel not previously defined
Difficulties in the registration of files
- Lack of specificity in the files in the company and its purposes
- Segmentation and dispersion of the files that are processed in the company among its departments
- Lack of knowledge of the origin of the data and legitimacy for its treatment
- Non-communication of the creation of new files and/or parallel treatments to those already registered
Difficulties in relations with data processors
- Lack of information on outsourcing
- Difficulty in signing the contract
- Non-preliminary adaptation of the person in charge to the data protection regulations
- Definition of complex clauses depending on the type of service contracted
- Processors who do not comply with the required security guarantees
Difficulties in data collection by the company
- Lack of control due to outsourcing of services
- Subsequent use of data for different purposes without prior information in data collection
- No traceability in the databases
- Databases acquired from third parties
- Lack of information on data processing in form designs
- Uninformed or consented commercial communications
Difficulties in complementary legislation
- Knowledge and management of laws
- Update on sectoral and complementary legislative modifications
Difficulties in international data transfers
- No transparency on the part of the service provider
- International location of the server provider
- Language
- Inaccuracy and/or lack of information about the servers and their hosting
- Lack of documentation
- Lack of information on outsourcing of services
Difficulties in internal relations in the company
- Lack of knowledge of internal protocols by staff, administrators and/or managers
- Non- involvement of staff and/or administrators
- Perception of work load by workers
- Undefined personnel functions
Difficulties in the applicability of reports and security measures
- very technical reports
- Extensive and complex documentation
- Non-review and application of reports by the security officer
- Habits and customs acquired
In short: we believe that the best phrase that summarizes the difficulties is, without a doubt, "lack of communication, involvement and great complexity".
Idaira Hernandez Peraza
Director of Consultants Peraza & Asociados, SL
Photo source: Google Images tagged for reuse