M. Àngels Barbarà
Link to the practical Guide on Data Protection Impact Assessment (DPIA) (original version available)
The Catalan Data Protection Authority has presented a new tool to assess compliance with data protection regulations more concretely and practically. The aim is to help institutions, companies (especially SMEs) and organisations to analyse the risks of personal data processing and the impact it may have on their rights.
This new tool was presented during a conference at the Centre d’Estudis Jurídics i Formació Especialitzada (Centre for Legal Studies and Specialised Training) in Barcelona.
At the opening of the session, the APDCAT Director, M. Àngels Barbarà, explained that, based on the experience acquired during this time, the APDCAD has designed a specific methodology to carry out a Data Protection Impact Assessment, which complies with all the guarantees relating to data protection. Impact assessments are a key part of the GDPR, as they minimise potential data protection violations, guarantee accountability and build trust with individuals.
The APDCAT has already published a list of the processing types that require an assessment and how the processing can impact on people’s rights. The list can be found HERE.
Lack of data protection culture: it must be a commitment of the organisation
The APDCAT Director highlighted the difficulties of maximum compliance with the regulations because of the deficiency of a data protection culture. Compliance with the regulations is not a mere legal obligation; it’s the organisation's commitment to people and the guarantee of their rights.
The GDPR provides flexibility on how to adapt the compliance of these obligations to the organisation. The APDCAT is working to provide methodologies that improve the identification of the specific risks of processing data on people’s rights and freedom, and has identified some of the most common impacts, which include the inability to access services, identity theft, economic losses and reputational damages.
The conference also addressed aspects of the register of processing activities that each institution needs to carry out and review regularly. The APDCAT Director stressed the importance of role of the Data Protection Officer (DPO), who must control the flow of personal information and the compliance of all the obligations regarding data protection.
New conference on data protection for companies at Foment del Treball on October 9
In the same spirit of helping companies in processing personal data, Foment del Treball, with the collaboration of the Catalan Data Protection Authority, has organised a conference to review new developments and explain the implications of the General Data Protection Regulations.
The conference takes place in Foment del Treball on October 9, and will be attended by the APDCAT Director, M. Àngels Barbarà, and the President of Foment del Treball, Josep Sánchez Llibre. Several experts from the APDCAT will also be there to help companies in this far-reaching change represented by the GDPR and the new principles of proactive responsibility and focus on the risk, and to address the challenges of integrating these principles into organisations.