04 09 2018
The GDPR does not explicitly require an audit in any of its articles; it simply establishes that companies must comply on an ongoing basis and keep that compliance up to date.
On the other hand, the Regulation implementing the Organic Law on Data Protection, which the Cortes Generales* are expected to approve at the end of the year, provides in principle that companies with a high number of workers and/or workplaces, and/or that process data the law itself catalogues as “sensitive”, must perform an audit on a biannual, mandatory basis.
*Cortes Generales is the bicameral legislature in Spain. It consists of two chambers: the Congress of Deputies and the Senate.
Sensitive data are those that, because of their particular impact on privacy, public freedoms and the fundamental rights of the person, need greater protection than other personal data. Currently, the categories of data considered sensitive are as follows:
Companies whose main activity coincides with any of the following:
An audit is recommended for companies with either more than 100 workers or more than one workplace.
According to the Spanish Agency for Data Protection (AEPD), the Privacy Impact Assessment (PIA) is the “exercise of analysing the risks that a given information system, product or service may pose to the fundamental right to data protection of those affected, in order to address the effective management of the measures necessary to eliminate or mitigate them”.
When should it take place?
It is not always necessary to perform an Impact Assessment; however, it is advisable to analyse the company's possible risks, as mentioned above.
The new European regulation makes it mandatory when any of the following conditions applies:
Which companies are required to perform a PIA? Some of the entities that have to perform an impact assessment are:
Pridatect, in addition to its compliance software, offers an audit service to ensure full compliance with the regulation in a simple and efficient manner. Contact us for more information.