Location via proxy:   [ UP ]  
[Report a bug]   [Manage cookies]                
SlideShare a Scribd company logo

Index data protection

Download as PPT, PDF
C
Cristina Villavicencio

This document summarizes various documents related to implementing data protection and privacy policies, including key points to consider, sample agreements, security documents, an audit certificate, and a company internal policy template. The documents are available for purchase and cover topics such as database transfers, outsourcing data processing, security measures, personnel responsibilities, auditing procedures, and compliance monitoring.

1 of 13
www.tusconsultoreslegales.com [email_address] Personal data protection/ Downloadable documents Content sample before document purchase
www.tusconsultoreslegales.com [email_address] DOCUMENTS RELATED TO DATA PROTECTION IMPLEMENTATION: 1. KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION 3. RELATED AGREEMENTS 3. SECURITY DOCUMENT 4. COMPLIANCE/AUDIT CERTIFICATE 5. COMPANY INTERNAL POLICY
www.tusconsultoreslegales.com [email_address] PERSONAL DATA PROTECTION Index of practical documents and explanation of appendix documents Available in document purchase area
www.tusconsultoreslegales.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (1/2) This document contains key points that will help you to determine whether data protection has been correctly implemented or to determine what points are necessary to take into account in implementing the provisions of the data protection law. SOME OF THE POINTS INCLUDED IN THIS SPREADSHEET ARE SHOWN IN THE FOLLOWING Is the "company policy" document applicable to all stores and companies? Yes/No       Is there a waiver of liability clause with regard to data transfer/disclosure? Yes/No   Is there a data processing procedure to be followed by company employees? Yes/No
www.tusconsultoreslegales.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (2/2) Is the occupational accident information associated to personal data? Yes/No   Are e-mails sent to multiple recipients without the appropriate consent? Yes/No         Is there a procedure for the cancellation/rectification/amendment of data? Yes/No     Does your company consider that data is disclosed to third party service providers who access the data? Yes/No       Has your company been notified of the creation of a video surveillance image file? Yes/No                   The questions contained in this questionnaire lead to reflection on the level of protection being applied in a company.
www.tusconsultoreslegales.com [email_address] 2. DOCS: RELATED AGREEMENTS Agreement documents related to data protection implementation, available at downloads, focus on the following areas: Database transfer between companies This document is applicable when two companies enter into a collaboration, and therefore share databases. It is necessary to have notified owners of data clearly and precisely that both companies are proprietors of the customer database, making express mention of the names of the companies, or to have obtained the consent of data owners in order for the other company to be able to use their personal data for commercial or promotional purposes, etc. B) Outsourcing data processing services This document is applicable when a company outsources services to third parties, which will use the personal data that is subject to the rendering of service (accountancy firms, etc.)
www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (1/4) The security document index, available at downloads, is described in the following: INTRODUCTION DOCUMENT APPLICATION SCOPE High Level. Applied to data files or data processing. Intermediate Level. Applied to data files or data processing. Basic Level. Applied to data files or data processing. B. MEASURES, PROCEDURES, RULES AND STANDARDS GUARANTEEING THE SECURITY LEVELS REQUIRED BY THIS DOCUMENT Identification and authentication Access Control Hardware and document log File criteria Data access through communication networks
www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (2/4) Access Control Hardware and document log File criteria Data access through communication networks Regime for work outside premises where files are located Document transfer Temporary files Copy or reproduction Backup copies Security Supervisor C. GENERAL PROCEDURE FOR PERSONNEL NOTIFICATION D. PERSONNEL FUNCTIONS AND OBLIGATIONS General functions and obligations
www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (3/4) E. INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURES F. REVIEW PROCEDURES Security document review Audit G. CONSEQUENCES OF NON-COMPLIANCE WITH SECURITY DOCUMENT APPENDIX I. FILE DESCRIPTION APPENDIX II. APPOINTMENTS APPENDIX III. AUTHORISATION FOR DATA OUTPUT OR RECOVERY APPENDIX IV. HARDWARE INVENTORY APPENDIX V. INCIDENT LOG APPENDIX VI. PROCESSING SUPERVISOR APPENDIX VII. HARDWARE SIGN IN AND SIGN OUT LOG
www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (4/4) IV. CHECKLIST FOR SECURITY AUDIT 1. Aims 2. Determining the audit scope 3. Planning 3. Data gathering 4. Test evaluation 5. Conclusions and Recommendations
www.tusconsultoreslegales.com [email_address] 4. DOC: COMPLIANCE/AUDIT CERTIFICATE This document (compliance/audit certificate) has two different aims: A) It allows an expert in data protection implementation to analyse current data protection compliance for AUDITING B) It allows the expert who has implemented data protection to COMMIT to the result of this implementation.
www.tusconsultoreslegales.com [email_address] 5. DOC: COMPANY INTERNAL POLICY This company internal policy document covers the points to be taken into account, from the perspective of security monitoring of the company's internal and external communications systems, and is applicable to the systems department. The document INDEX is included: COMPANY INTERNAL POLICY 1- Data protection 2- Data processing 3- Proprietary information 4- Non-automated data 5- Work place security 6- Security of the Company’s Information Systems
www.tusconsultoreslegales.com [email_address] Thank you for your interest [email_address] For personalised consultations, please contact:

More Related Content

Index data protection

  • 1. www.tusconsultoreslegales.com [email_address] Personal data protection/ Downloadable documents Content sample before document purchase
  • 2. www.tusconsultoreslegales.com [email_address] DOCUMENTS RELATED TO DATA PROTECTION IMPLEMENTATION: 1. KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION 3. RELATED AGREEMENTS 3. SECURITY DOCUMENT 4. COMPLIANCE/AUDIT CERTIFICATE 5. COMPANY INTERNAL POLICY
  • 3. www.tusconsultoreslegales.com [email_address] PERSONAL DATA PROTECTION Index of practical documents and explanation of appendix documents Available in document purchase area
  • 4. www.tusconsultoreslegales.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (1/2) This document contains key points that will help you to determine whether data protection has been correctly implemented or to determine what points are necessary to take into account in implementing the provisions of the data protection law. SOME OF THE POINTS INCLUDED IN THIS SPREADSHEET ARE SHOWN IN THE FOLLOWING Is the "company policy" document applicable to all stores and companies? Yes/No       Is there a waiver of liability clause with regard to data transfer/disclosure? Yes/No   Is there a data processing procedure to be followed by company employees? Yes/No
  • 5. www.tusconsultoreslegales.com [email_address] 1. DOC: KEY POINTS INVOLVED IN DATA PROTECTION IMPLEMENTATION (2/2) Is the occupational accident information associated to personal data? Yes/No   Are e-mails sent to multiple recipients without the appropriate consent? Yes/No         Is there a procedure for the cancellation/rectification/amendment of data? Yes/No     Does your company consider that data is disclosed to third party service providers who access the data? Yes/No       Has your company been notified of the creation of a video surveillance image file? Yes/No                   The questions contained in this questionnaire lead to reflection on the level of protection being applied in a company.
  • 6. www.tusconsultoreslegales.com [email_address] 2. DOCS: RELATED AGREEMENTS Agreement documents related to data protection implementation, available at downloads, focus on the following areas: Database transfer between companies This document is applicable when two companies enter into a collaboration, and therefore share databases. It is necessary to have notified owners of data clearly and precisely that both companies are proprietors of the customer database, making express mention of the names of the companies, or to have obtained the consent of data owners in order for the other company to be able to use their personal data for commercial or promotional purposes, etc. B) Outsourcing data processing services This document is applicable when a company outsources services to third parties, which will use the personal data that is subject to the rendering of service (accountancy firms, etc.)
  • 7. www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (1/4) The security document index, available at downloads, is described in the following: INTRODUCTION DOCUMENT APPLICATION SCOPE High Level. Applied to data files or data processing. Intermediate Level. Applied to data files or data processing. Basic Level. Applied to data files or data processing. B. MEASURES, PROCEDURES, RULES AND STANDARDS GUARANTEEING THE SECURITY LEVELS REQUIRED BY THIS DOCUMENT Identification and authentication Access Control Hardware and document log File criteria Data access through communication networks
  • 8. www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (2/4) Access Control Hardware and document log File criteria Data access through communication networks Regime for work outside premises where files are located Document transfer Temporary files Copy or reproduction Backup copies Security Supervisor C. GENERAL PROCEDURE FOR PERSONNEL NOTIFICATION D. PERSONNEL FUNCTIONS AND OBLIGATIONS General functions and obligations
  • 9. www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (3/4) E. INCIDENT NOTIFICATION, MANAGEMENT AND RESPONSE PROCEDURES F. REVIEW PROCEDURES Security document review Audit G. CONSEQUENCES OF NON-COMPLIANCE WITH SECURITY DOCUMENT APPENDIX I. FILE DESCRIPTION APPENDIX II. APPOINTMENTS APPENDIX III. AUTHORISATION FOR DATA OUTPUT OR RECOVERY APPENDIX IV. HARDWARE INVENTORY APPENDIX V. INCIDENT LOG APPENDIX VI. PROCESSING SUPERVISOR APPENDIX VII. HARDWARE SIGN IN AND SIGN OUT LOG
  • 10. www.tusconsultoreslegales.com [email_address] 3. DOC: SECURITY DOCUMENT (4/4) IV. CHECKLIST FOR SECURITY AUDIT 1. Aims 2. Determining the audit scope 3. Planning 3. Data gathering 4. Test evaluation 5. Conclusions and Recommendations
  • 11. www.tusconsultoreslegales.com [email_address] 4. DOC: COMPLIANCE/AUDIT CERTIFICATE This document (compliance/audit certificate) has two different aims: A) It allows an expert in data protection implementation to analyse current data protection compliance for AUDITING B) It allows the expert who has implemented data protection to COMMIT to the result of this implementation.
  • 12. www.tusconsultoreslegales.com [email_address] 5. DOC: COMPANY INTERNAL POLICY This company internal policy document covers the points to be taken into account, from the perspective of security monitoring of the company's internal and external communications systems, and is applicable to the systems department. The document INDEX is included: COMPANY INTERNAL POLICY 1- Data protection 2- Data processing 3- Proprietary information 4- Non-automated data 5- Work place security 6- Security of the Company’s Information Systems
  • 13. www.tusconsultoreslegales.com [email_address] Thank you for your interest [email_address] For personalised consultations, please contact: