The challenges facing companies in the face of the new data protection law

The entry into force of the new General Data Protection Regulation on May 25 has shaken the foundations of a multitude of Spanish companies. This new regulation will affect, to a certain extent, human resources departments and labor relations, which have had to adapt to the new rules regarding the processing of confidential data.

But what are the real challenges that companies have to face? First of all, companies should appoint a Data Protection Officer to help them comply with the regulation.

This officer can be either internal or external to the company and should be in charge of privacy assessments, always taking into account the data protection of both company personnel and the customers they work with.

In addition, as of May 25, what we consider sensitive data should be expanded to include, for example, genetic and biomedical data.

This is why we must be very aware of the personal data we process and store, know in which cases it is private and sensitive data, and be able to establish when it is no longer necessary to keep it and, therefore, destroy it correctly when the time comes.

The ideal would then be to create procedures that help us to control duplication and poor quality in the data, so that companies can make sure they delete or transfer the data in its entirety if the user requests it.

And here we come to another important point of the new regulation: the new rights for citizens. First of all, organizations will have to provide more transparency and complete and simple information, which will facilitate users' decision making.

Secondly, citizens will have to give their consent for the use of their personal data by any organization, and that consent must be free and revocable.

And the much talked about right to be forgotten also takes center stage in the GDPR. At any time the user may wish to cancel the consent given for the processing of personal data, thus being able to demand the deletion and elimination of data in all digital media, such as social networks, search engines, etc.

The 25th of May is just around the corner and Spanish companies, traditionally prepared to collect data but not to protect them, have begun a countdown with no return that will undoubtedly mark a before and after in the way we treat our own and third parties' confidential data.