It seems incredible that we missed the first birthday of the General Regulation of Data Protection (RGPD) of the European Union, which came into force in May last year with the aim of protecting citizens from the use made by companies and public administrations of their personal data.
A year after its release, companies are still trying to adapt to the regulations and it seems that they are getting closer and closer. According to the Hiscox Cyber Readiness Report 2019 report, 68% of Spanish companies defend that ensuring compliance is a priority in their business strategy, five points above the average of countries analyzed.
Among other issues, the RGPD regulates the figure of the Delegate for Data Protection (DPD), a profile that certain companies must have in their templates whose function is to monitor the treatment they make of the information of their customers. In other words:
a mediator who, in case of conflict, must become the defender of the latter in what concerns the management of their personal data.
Your role is as beneficial to users as it is to companies. The former can receive a response and solution to their claims, but also compensation for the damages suffered. A money that, to process through the Spanish Agency for Data Protection (AEPD), it would be destined entirely to the Treasury. The companies, on the other hand, are winning if,
before a bad treatment of the data of a client, they compensate this instead of paying an administrative fine that, in addition to being larger, it would be accompanied by the consequent loss of prestige in the media.
But the RGPD is not limited to defining what a DPD should do and promoting the advantages of having its services. It establishes as mandatory its presence in companies and entities, public or private, that systematically treat personal data, whether from customers, employees or suppliers, regardless of their volume. This includes, to name just a few, from insurers, financial institutions, electricity companies and advertising agencies to schools, universities, health centers and private security companies.
- DPD to prevent a greater evil
The fines contemplated until the entry into force of the RGPD for improper treatment of user data could be laughable for large corporations. With the entry into force of the new regulation, the amount of the fines to these entities for breaching their obligations can be multiplied by one thousand.
Currently, when a company commits a minor infringement related to the personal information of its customers, it can pay up to 10 million euros or, in the case of larger companies, up to 2% of its annual turnover. In the case of serious infractions, the fine is doubled: 20 million or 4% of your income.
- Training for a neonatal profession
In this context, courses for certification as DPD have proliferated. The Bejob platform, owned by Santillana, is one of the entities that offers a course of these characteristics, aligned with the scheme of the Spanish Agency for Data Protection and recognized by the Spanish Association for Quality (AEC) and AENOR. Currently, the registration process is open for its fourth edition, which will begin in September. It consists of 180 hours of mixed training, with five face-to-face sessions that can be held in Madrid, Alicante or Bilbao.
"I decided to take the course to learn the subject and the updates that the new regulations have introduced," says Irene Hernández, a student in the third edition of this course. "It is essential to have a DPD profile. The volume of personal data managed by companies must be properly controlled and protected. "
(tagsToTranslate) company (t) duty (t) count (t) delegate of data protection (t) new (t) profile (t) help (t) company (t) maintain (t) management (t) adapt ( t) personal (t) data (t) client (t) speak (t) case (t) result (t) essential (t) align (t) normative (t) avoid (t) sanction