The importance of complying with the requirements relating to the protection of personal data has never been more obvious than today. About a year after the unveiling of the initiative to reform the EU legislation on the protection of personal data, the matter is still the subject of intense debate. Apparently, an agreement is not going to be easy.
"The European Union needs to standardize and modernize the legislation on the protection of personal data to ensure trust and economic growth within the digital single market," European Commissioner for Justice Viviane Reding said at the beginning of this year, expressing her hope that this goal will be achieved by next year, on the European day of personal data protection[1] (editor's note: January 28).
Among the key objectives are giving individuals more control over how their private information is used in the online environment, and combating other problems that are growing in scale, such as identity theft.
Many of the companies in the local market are not aware of the responsibility they assume by collecting, storing, processing and destroying personal data, which can expose them to several risks, starting with substantial fines applied by the National Supervisory Authority for the Processing of Personal Data (ANSPDCP), lawsuits from disgruntled customers or employees, and ending with long-term reputational damage.
One of the notable authors of the Usa is in the City, district 1, he was sentenced to pay the sum of 10,000 Euros for non-pecuniary damage[2] is a natural person, whose personal data are published on our website.
While the labyrinth of personal data protection rules can be very complex (which is why they are not always needed on the recommendations of a specialist), there are some steps that apply to all categories of institutions, whether public or private, large or small, from merchants to call centers or pharmaceutical companies, by which compliance with the provisions of the applicable law can be evaluated and defects affecting their application can be discovered.
To begin with – when is notification to the National Supervisory Authority for the Processing of Personal Data (ANSPDCP) required?
In principle, if the institution processes any information relating to living persons and can decide on the information that is stored, then the institution is probably a personal data operator, for which the legislation in force requires notification to the ANSPDCP.
Assuming that the institution has already notified the supervisory authority, it is important to take into consideration a number of factors, including the following:
- Are the people from whom the data is collected (generally known as "data subjects") informed about the collection of their data?
- Have these people been made aware of the purposes for which their data is processed?
- Is all of the information collected relevant to the purpose for which it is processed?
We read a lot about institutions, whether public or private, national or international, that have lost customer data. Romanian law provides that it is the responsibility of the operator to ensure the protection of the data and, in the event of a failure, provides for the imposition of fines, which does not exclude compensation of the data subject.
Some of the measures that every company, regardless of its position in the market, has to take into account to ensure safer protection of personal data include:
- The use of secure firewalls and of encryption software on all electronic devices that contain the data of customers and employees;
- Duplicating the information and storing the copies in safe environments. This measure not only conforms to the requirements of the law but is also useful for the proper management of the company's business. Whether the information is stored electronically or in paper form, it is important to have a copy of the data that is collected from every data subject;
- In addition to storing personal data, operators are also responsible for releasing the information, upon request, in a timely manner. They are obliged, on the one hand, to ensure that all client records are up to date and, on the other hand, to adopt procedures for the prompt handling of data subjects' requests for access to their data.
Also, the secure destruction of personal data is just as important as the collection and processing of information. Once data no longer serves the purpose for which it was collected, for example, at the end of the period agreed upon, after the performance of the obligations of a contract, the operator is obliged to destroy the data in a secure manner.
The application of the provisions of the law on the protection of personal data is becoming more and more strict, in view of the recent practice of the courts, which have ruled in favor of those whose rights have been violated.
We advise entrepreneurs to evaluate their policies and procedures relating to the protection of personal data right now, if they want to avoid fines, payment of damages, and the costs of proceedings in the future.
[1] http://ec.europa.eu