
WHY AN ENGINEER MUST ADAPT TO DATA PROTECTION REGULATIONS


PRIVACY REGULATION COMPLIANCE SYSTEM

1. Do engineers have to comply with personal data protection regulations?

Understanding personal data as any information about an identified or identifiable person (name, ID number, e-mail address, telephone number, postal address, etc.), the answer is yes, since any engineer, in the course of their professional activity, will have to process personal data belonging to one or more of these groups:

• Customers and/or suppliers;

• Employees;

• Service users;

• Owners in residents' associations;

• Personal data of any other kind.

The regulations governing the protection of personal data are:

• GDPR: General Data Protection Regulation (EU) 2016/679.

• LOPDGDD: Organic Law 3/2018 on the protection of personal data and guarantee of digital rights.

2. How should my organization adapt to comply with these regulations?

Broadly speaking, to implement a system that complies with the GDPR and the LOPDGDD, your organization must:

• Identify the personal data being processed and create a record of all processing carried out on it, determining, among other issues:

  - For what purpose will the data be processed?

  - On what legal basis?

  - How long are the data expected to be kept?

  - Whether you plan to transfer them to other entities.

  - Etc.

• Write information notices to inform data subjects of everything set out above, together with the rights they have (access to, rectification, portability and erasure of their data, and restriction of and objection to its processing).

• Depending on the risk that these processing operations may pose (security breaches, information leaks, unauthorized access, etc.), adopt security measures to reduce those risks.

• Sign confidentiality agreements with all internal staff and external companies that must process this personal data on behalf of the organization.

• Raise awareness among the organization's personnel through training actions.

• Etc.

3. Would implementing the compliance system be enough?

No. The compliance system is not just documentation; it is a process that remains alive over time, that is, it must be kept up to date, since the processing operations:

• Will not always be the same: new ones will be started and others discontinued.

• Will not be carried out with the same resources: hardware, software, storage media, etc.

• Will not be handled by the same people: staff turnover, changes of supplier, etc.

All this will imply changes in risks, new security measures, new confidentiality agreements, new training, etc., so we should:

• Update the record of processing activities when there are changes in the organization that affect it.

• Periodically review information notices, agreements with staff and contracts with third parties.

• Continue to raise staff awareness through ongoing training.

• Verify that security measures are in place and effective against risks such as cyberattacks or improper access.

• Etc.

Therefore, the system must be reviewed periodically to take account of all these changes and act accordingly, ensuring that it remains as effective as when it was first implemented.

4. Ateneu Privacy Consulting can help you

If you want to adapt correctly by implementing a system that complies with data protection regulations, and keep it properly updated, contact us and we will advise you on its comprehensive management.