www.yourlegalconsultants.com

info@yourlegalconsultants.com

Personal data protection

ALL THE DOCUMENTS RELATED TO DATA PROTECTION

www.yourlegalconsultants.com

info@yourlegalconsultants.com

DOCUMENTS RELATED TO DATA PROTECTION IMPLEMENTATION:

1. KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION

3. RELATED AGREEMENTS

3. SECURITY DOCUMENT

4. COMPLIANCE/AUDIT CERTIFICATE

5. COMPANY INTERNAL POLICY

www.yourlegalconsultants.com

info@yourlegalconsultants.com

PERSONAL DATA PROTECTION

Index of practical documents and explanation of appendix documentsAvailable in

www.yourlegalconsultants.com

www.yourlegalconsultants.com

info@yourlegalconsultants.com

1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (1/2)

This document contains key points that will help you to determine whether data protection has been correctly implemented or to determine what points are necessary to take into account in implementing the provisions of the data protection law.

SOME OF THE POINTS INCLUDED IN THIS SPREADSHEET ARE SHOWN IN THE FOLLOWING

Is the "company policy" document applicable to all stores and companies? Yes/No

      Is there a waiver of liability clause with regard to data transfer/disclosure? Yes/No

  Is there a data processing procedure to be followed by company employees? Yes/No

www.yourlegalconsultants.com

info@yourlegalconsultants.com

1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (2/2)

Is the occupational accident information associated to personal data? Yes/No

 Are e-mails sent to multiple recipients without the appropriate consent? Yes/No

        Is there a procedure for the cancellation/rectification/amendment of data? Yes/No

   Does your company consider that data is disclosed to third party service providers who access the data? Yes/No

      Has your company been notified of the creation of a video surveillance image file? Yes/No

                  The questions contained in this questionnaire lead to reflection on the level of protection being applied in a company.

www.yourlegalconsultants.com

info@yourlegalconsultants.com

2. DOCS: RELATED AGREEMENTS

Agreement documents related to data protection implementation, available at downloads, focus on the following areas:

•Database transfer between companies

This document is applicable when two companies enter into a collaboration, and therefore share databases. It is necessary to have notified owners of data clearly and precisely that both companies are proprietors of the customer database, making express mention of the names of the companies, or to have obtained the consent of data owners in order for the other company to be able to use their personal data for commercial or promotional purposes, etc.

B) Outsourcing data processing services This document is applicable when a company outsources services to third parties, which will use the personal data that is subject to the rendering of service (accountancy firms, etc.)

www.yourlegalconsultants.com

info@yourlegalconsultants.com

3. DOC: SECURITY DOCUMENT (1/4)

The security document index, available at downloads, is described in the following:

INTRODUCTION

•DOCUMENT APPLICATION SCOPE

High Level. Applied to data files or data processing. Intermediate Level. Applied to data files or data processing. Basic Level. Applied to data files or data processing.

B. MEASURES, PROCEDURES, RULES AND STANDARDS GUARANTEEINGTHE SECURITY LEVELS REQUIRED BY THIS DOCUMENT

Identification and authenticationAccess Control Hardware and document logFile criteria Data access through communication networks

www.yourlegalconsultants.com

info@yourlegalconsultants.com

3. DOC: SECURITY DOCUMENT (2/4)

Access Control Hardware and document logFile criteria Data access through communication networks Regime for work outside premises where files are located Document transferTemporary files Copy or reproduction Backup copies Security Supervisor

C. GENERAL PROCEDURE FOR PERSONNEL NOTIFICATION

D. PERSONNEL FUNCTIONS AND OBLIGATIONS

General functions and obligations

www.yourlegalconsultants.com

info@yourlegalconsultants.com

3. DOC: SECURITY DOCUMENT (3/4)

E. INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURES F. REVIEW PROCEDURES

Security document review

Audit

G. CONSEQUENCES OF NON-COMPLIANCE WITH SECURITY DOCUMENT

APPENDIX I. FILE DESCRIPTION APPENDIX II. APPOINTMENTS APPENDIX III. AUTHORISATION FOR DATA OUTPUT OR RECOVERY APPENDIX IV. HARDWARE INVENTORY APPENDIX V. INCIDENT LOG APPENDIX VI. PROCESSING SUPERVISOR APPENDIX VII. HARDWARE SIGN IN AND SIGN OUT LOG

www.yourlegalconsultants.com

info@yourlegalconsultants.com

3. DOC: SECURITY DOCUMENT (4/4)

CHECKLIST FOR SECURITY AUDIT 1. Aims 2. Determining the audit scope 3. Planning 3. Data gathering 4. Test evaluation 5. Conclusions and Recommendations

www.yourlegalconsultants.com

info@yourlegalconsultants.com

4. DOC: COMPLIANCE/AUDIT CERTIFICATE

This document (compliance/audit certificate) has two different aims:

A) It allows an expert in data protection implementation to analyse current data protection compliance for AUDITING

B) It allows the expert who has implemented data protection to COMMIT to the result of this implementation.

www.yourlegalconsultants.com

info@yourlegalconsultants.com

5. DOC: COMPANY INTERNAL POLICY

This company internal policy document covers the points to be taken into account, from the perspective of security monitoring of the company's internal and external communications systems, and is applicable to the systems department. The document INDEX is included:

COMPANY INTERNAL POLICY

1- Data protection

2- Data processing

3- Proprietary information

4- Non-automated data

5- Work place security

6- Security of the Company’s Information Systems

www.yourlegalconsultants.com

info@yourlegalconsultants.com

Thank you for your interest

Dataprotection@yourlegalconsultants.com

If you want to buy the documents:www.yourlegalconsultants.com

If you want to contract to the expert, please contact: