2. www.tusconsultoreslegales.com [email_address] DOCUMENTS RELATED TO DATA PROTECTION IMPLEMENTATION:
1. KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION
2. RELATED AGREEMENTS
3. SECURITY DOCUMENT
4. COMPLIANCE/AUDIT CERTIFICATE
5. COMPANY INTERNAL POLICY
4. 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (1/2)
This document contains key points that will help you determine whether data protection has been correctly implemented, or which points need to be taken into account when implementing the provisions of the data protection law.
SOME OF THE POINTS INCLUDED IN THIS SPREADSHEET ARE SHOWN BELOW:
Is the "company policy" document applicable to all stores and companies? Yes/No
Is there a waiver of liability clause with regard to data transfer/disclosure? Yes/No
Is there a data processing procedure to be followed by company employees? Yes/No
5. 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (2/2)
Is the occupational accident information associated with personal data? Yes/No
Are e-mails sent to multiple recipients without the appropriate consent? Yes/No
Is there a procedure for the cancellation/rectification/amendment of data? Yes/No
Does your company consider that data is disclosed to third-party service providers who access the data? Yes/No
Has your company been notified of the creation of a video surveillance image file? Yes/No
The questions contained in this questionnaire lead to reflection on the level of protection being applied in a company.
6.
7.
8. 3. DOC: SECURITY DOCUMENT (2/4)
Access Control
Hardware and document log
File criteria
Data access through communication networks
Regime for work outside premises where files are located
Document transfer
Temporary files
Copy or reproduction
Backup copies
Security Supervisor
C. GENERAL PROCEDURE FOR PERSONNEL NOTIFICATION
D. PERSONNEL FUNCTIONS AND OBLIGATIONS
General functions and obligations
9. 3. DOC: SECURITY DOCUMENT (3/4)
E. INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURES
F. REVIEW PROCEDURES
Security document review
Audit
G. CONSEQUENCES OF NON-COMPLIANCE WITH SECURITY DOCUMENT
APPENDIX I. FILE DESCRIPTION
APPENDIX II. APPOINTMENTS
APPENDIX III. AUTHORISATION FOR DATA OUTPUT OR RECOVERY
APPENDIX IV. HARDWARE INVENTORY
APPENDIX V. INCIDENT LOG
APPENDIX VI. PROCESSING SUPERVISOR
APPENDIX VII. HARDWARE SIGN IN AND SIGN OUT LOG
10. 3. DOC: SECURITY DOCUMENT (4/4)
IV. CHECKLIST FOR SECURITY AUDIT
1. Aims
2. Determining the audit scope
3. Planning
3. Data gathering
4. Test evaluation
5. Conclusions and Recommendations
11. 4. DOC: COMPLIANCE/AUDIT CERTIFICATE
This document (compliance/audit certificate) has two different aims:
A) It allows an expert in data protection implementation to analyse current data protection compliance for AUDITING.
B) It allows the expert who has implemented data protection to COMMIT to the result of this implementation.
12. 5. DOC: COMPANY INTERNAL POLICY
This company internal policy document covers the points to be taken into account, from the perspective of security monitoring of the company's internal and external communications systems, and is applicable to the systems department. The document INDEX is included:
COMPANY INTERNAL POLICY
1- Data protection
2- Data processing
3- Proprietary information
4- Non-automated data
5- Work place security
6- Security of the Company’s Information Systems