Dear shared folder users and email lovers, here is the GDPR
The key challenge in ensuring personal data protection compliance lies in creating an appropriate process for handling personal data and establishing responsibility for it.
Today, personal data appears in all key business processes and, as a rule, also in the documents created while carrying out these processes. Some documents are properly protected and stored, while others are often shared by employees via email, online file-sharing services, and other cloud storage, or placed directly in shared folders on a network drive.
Personal data protection requires a comprehensive approach
If we do not establish a comprehensive overview of all the personal data that we process, we as data controllers are not acting in accordance with our responsibilities and obligations.
What are the responsibilities and obligations of the personal data controller?
- Protecting the rights of individuals who have entrusted us with personal data
- Implementing appropriate measures and policies for the protection of personal data
- Ensuring the legality and security of personal data processing
- Selecting an appropriate personal data processor
Even in more regulated environments, it is difficult to ensure compliance with personal data protection if employees are not aware of the importance of personal data, do not understand or accept the need for confidentiality, and do not respect the rights of data subjects, most of whom are our customers and partners. Therefore, the protection of personal data cannot be the sole responsibility of a lawyer or the task of the IT department; it requires a comprehensive approach and the involvement of participants from different fields.
Challenges of ensuring the compliance of the information system
Compliance of information systems with the GDPR is probably the easiest and fastest issue to solve. Nevertheless, we must not underestimate the challenges of ensuring compliance in this area.
The following questions can help:
- Is personal data secured, and how, so that it cannot be disposed of in solutions, databases, and file storage?
- Do we share personal information via email or cloud storage?
- Are the roles and rights of information system users set in such a way that only authorized persons can access personal data?
- How do we exercise the data subject's right to be forgotten?
- How comprehensive is the audit trail regarding the behavior of users, administrators, and other systems?
Data subjects have the following rights:
- right to erasure,
- right to restriction of processing,
- right to object,
- right to transfer data,
- right to withdraw consent.
These and other related issues are especially important when deciding to use new software solutions. In that case, it is worth making sure we choose properly certified tools and services. Otherwise, we must pay attention to these issues whenever our information system changes, new jobs are created, or employees leave.