By Pablo A. Palazzi
Data Protection Agency issues audit regulation
The Data Protection Agency (DPA) issued Disposition 5/2008 detailing the procedure to perform audits in data controller. The aim of Disposition 5/2008 is to regulate how audits take place and to describe audit stages. Under this new regulation, the data protection agency will send a note with a questionnaire to the company several days before the inspection. Later, the DPA could visit the premises, request access to the databases, and verify compliance with security regulations, registrations, and other requirements of the law.
Data Protection Guidelines for the public sector
The Data Protection Agency has approved, by Disposition 7/2008, the "Guidelines for good data protection practices in personal databases of the public sector." The guidelines explain the application of data protection rules in government databases. They also include a sample confidentiality agreement for the public sector, and the DPA explains the relationship between data protection law and freedom of information regulations.
Data Protection Agency postpones deadline for security measures
By Disposition 9/2008, the Data Protection Agency has postponed for a term of one year the deadline to implement medium and critical security measures under the data protection law and its regulations (Disposition 11/2006). Basic security measures were not postponed. In addition, the DPA enacted a document that can used as a template for implementing the Security and Privacy Policy.
Comments
If you want to comment on this post, you need to login.