Check that the email account listed in the Data Protection Information Clause is working properly. You can send an e-mail to it and check its correct reception.
Exercise ARCO Rights
Check that the people in your organization who have access to personal data can inform the person concerned of the procedure to be followed.
Have the Data Protection Information Clause ready to give to each customer, both new and old. This must be signed by each person. The sheet comes prepared with two copies, one to be given to the client and the other to be filed.
Remember that if you have had any incident where the right of Access, Rectification, Cancellation or Opposition is exercised, you have a maximum of 10 days to respond or resolve the incident.
According to the LOPD you must make at least once a week a backup copy of the files containing Personal Data. It is possible that if you make incremental copies, these will be made during the week until the complete copy is made. Monitor that they are being copied properly and without any errors.
Check that the backups are properly made and stored in a safe place, under lock and key.
Perform a test restore of the backups to check that they are working properly.
Internal or external control
Perform an internal control of all documentation generated with respect to the LOPD. The Security Manager and the person in charge of each file must check that all the regulations set forth in the Security Document have been complied with.
Change all passwords once a year, both for access to your computers and databases. Make sure that they consist of at least 8 digits and that they are alphanumeric, i.e., that they mix numbers and letters.
Organized archiving of all e-mails.
Check if there have been changes in your organization and verify that it is reflected in your Security Document. New employees, computer changes, new suppliers to whom you transfer data, etc.
It is not mandatory, but it is advisable that your LOPD company performs a maintenance.
Audit medium and high levels
If your Level is Medium or High, your organization is required to perform an Audit every 2 Years.
Record and resolve all incidents as they occur. Record in your Security Document all incoming and outgoing media from your organization.
We recommend the installation of a professional backup system by a professional company.
Shredding and erasure of documents
Whenever documents are destroyed or deleted, appropriate measures must be taken to prevent third parties from accessing the information.
Inform and train your human resources about the Data Protection Law and the processes they must comply with.
If your organization has a website, you must apply the LSSI module to comply with the LOPD.
Do not send unauthorized e-mails or promotions that do not respect the LOPD regulations.
The supports with particularly sensitive data must allow authorized personnel to identify them by means of an understandable labeling system that makes identification difficult for other workers.
Transfer of Documentation
If you have to move documents or media with personal data outside your premises, you must always do so under the supervision and control of the person responsible for the file or treatment, have the relevant authorization and be duly reflected in the security document. These documents and media include attachments and personal data sent in an e-mail.
- Check that the e-mail address that appears in the Data Protection Information Clause is working correctly.
- Have the Data Protection Information Clause ready to give to every customer, both new and old.
- You must back up files containing Personal Data at least once a week.
- Perform an internal control of all documentation generated with respect to the LOPD.
- Change all passwords once a year, both for access to your computers and databases.
- If your level is Medium or High, your organization is required to perform an audit every 2 years.
- Do not send unauthorized e-mails or promotions that do not respect the LOPD regulations.
- To transfer documents or media containing personal data, do so under the supervision and control of the person in charge.