Any company or public institution that uses personal data of its users, that is, you must necessarily collect data from other people, you must fully know the Principles of Personal Data Protection, with which you will be making sure you do not run into problems due to mishandling of them.
On the other hand, we as users also need to be aware of the rights we have, since sharing our personal information it becomes almost an obligation in the today’s digitized world.
Whatever your case, in this article we provide everything you need to know about the subject, a subject that is mandatory.
What is personal data protection and why is it important?
The personal data protection It is, above all, the right that we all have to each data provided to different entities, be they public or private, will have the due protection measure. In this sense, those who for different reasons must collect personal data of third partiesThey must bear in mind the right that each person has over all information of a personal nature. From there derives the importance of the principles of protection of personal data, since each person can decide.
In the same way, this right extends to aspects such as previously knowing the use, storage Y treatment that will be given to your personal information by who, from that moment, will be in possession of said data. One of the key aspects in the correct observance of these principles has to do with the right of each person to know in real time who or who, for different reasons, have had access to the information provided and the use they are giving it.
The implementation of these principles, which we will be developing later on, is something that should be included in all legislation that deals with the rights of each person to the data provided, in order to access or make use of different public or private services, will have due protection. It will no longer be possible for some companies to present self-regulations at convenience that in many cases do not work properly regarding the protection of the data provided by its clients.
Data protection principles Know all of them and what each one consists of!
As a member country of the European Union, in Spain we have in full force the General Data Protection Regulation (RGPD), which serves as a regulatory framework to uphold this fundamental right of every citizen of the Union.
This regulation collects and establishes a series of principles, which you should know, so we present them below:
Principle of Loyalty, Legality and Transparency
This principle clearly establishes that whoever collects personal data from other people, must first inform them the way in which the information provided will be treated, what input implies act with loyalty and legality.
Regarding the transparency of the use of the data, we can say that this will be in doubt if the person collecting the data intends to share the information with a third party without warning or without consent of the owner of the data. When something like that happens, this principle will be affected in its entirety, since both would be acting unfairly and little transparent, in addition to incurring an illegality.
Principle of Limitation of Purpose
The data collected may only be used for the purposes reported at the time of collection, being necessary to inform the user, clearly and unequivocally, any possible different use of those, and obtain the due consent of the interested party.
When the provisions of this principle are neglected, or simply not fully complied with, many people could be affected, and stay vulnerable for the improper use of data provided to various public or private entities. An example of this, we see when some governments of countries with high percentages of immigrants, request the social media platforms profile information of its users, with serious consequences for the privacy of the latter.
Principle of Data Minimization
Here we find one of the thorniest issues in terms of personal data protection today. Whoever collects the data should know that under no circumstances can, or should request more data than the strictly necessary for the required purposes. Thus, for example, it is inexcusable when someone tries to sell us or send us an e-book for free, but to obtain it asks us for our position or position that we carry out in the company where we work.
Data Accuracy Principle
The GDPR clearly establishes that all data collected must be accurate, which refers to the fact that each time they must be used for the purposes for which they have been collected, they do not cease to be up-to-date and have the proper property of integrity.
We must all be aware of this principle, since every day it happens more frequently the denial of credits or mortgages, the same of denial of public assistance, due to inaccuracies or omissions product of some error by the person in charge of recording the data.
Principle of Limitation of Data Conservation
Who collects the data must give sufficient guarantees, as once they no longer fulfill the functions for which they have been requested, will no longer be stored in the databases of who collects them. The importance of this principle for people, it is evident when we see that many times the information provided is stored indefinitely in the records of companies with which it has stopped having relations, for different reasons.
Principle of Integrity and Confidentiality
Who collects and treats the personal data of third parties, you should know that you are automatically obliged to act proactively in order to guarantee the security of the data you handle. This includes physical, organizational and technical measures that prevent exposing them to certain risks.
When organizations see each other legally bound To comply with this principle, they must take measures such as securing their facilities, better control over access to them and, of course, hiring suitable personnel to handle an otherwise sensitive issue. This is extremely important, as news is often heard about the information theft of users from databases of various kinds.
How to comply with the principles of personal data protection?
Who, due to their positions in both public and private entities, must carry out the management of personal data of clients, users, suppliers or subscribersThey must take care to guarantee them the due protection of the data.
By following these tips, you make sure that you fully comply with your obligations in a matter of prime importance to all your associates:
Inform each user of their rights
From the moment you request the personal data of your clients or users, you must find a way to inform them that they have some rights that may enforce when deemed necessary. That is, their right to have access at all times to the data that you have stored about them, and above all the way you have obtained them in case the interested party has not provided them to you directly.
It is also important that each person is aware of their right to rectify or update any inaccuracies that may exist about their data, and, more importantly, you must inform them in a short time the rectification of them. In addition to all the above, you must bear in mind that every person You have the right to object and cancel the use of any personal data, at the time it deems appropriate.
Make sure you have explicit consent
After informing the person of their rights, you should make sure that have your consent about the treatment to which the data provided will be subject. That includes informing about the purpose for which you are requesting them, and possible third parties that may have access to the data, all of which help to to give transparency to the collection process.
Bases the collection on quality and not quantity
With this you will be better able to comply with the principle of data minimization, avoiding requesting information little necessary or excessive.
Seek professional consulting
It is important to consult with a professional the quantity and quality of the information you plan to collect, as this is the best way to ensure that you are doing everything within the legal parameters.
This same person will help you select file type more suitable for your organization, which is something that you are obliged to report to the File Registries of the Data Protection Agency. In addition, you must bear in mind that you need to have a security document drawn up, in which they must specify all the measures included in the RGPD.
Increase security measures
From the very moment someone shares their personal data with your business or organization, you are obliged to take the appropriate measures to guarantee that person that their data is safe. This makes it necessary that, in addition to what concerns you directly, you must ensure that possible third parties with whom you could be sharing all that information, as is the case of any management agency or another of a similar nature, meet all the requirements in this section.
If you have any questions, leave them in the comments, we will answer you as soon as possible, and it will also be of great help to more members of the community. Thank you! 😉