On May 25, 2018, the full application of the European Data Protection Regulation took place and at AF gestifinc we have prepared for it.
The new regulatory text, which is common to all the countries of the European Union, reinforces the guarantees of users and requires a greater commitment on the part of companies to guarantee their clients’ right to data protection.
Taking into account the importance of the regulation, we want to dedicate a series of posts to bring you closer to the content of the Regulation and explain the work we have done at AF gestifinc to comply with it.
The European standard is loaded with novelties. Today we want to talk about one in particular that must be taken into consideration by all companies that process personal data; also by property managers.
We are referring to security violations, which are regulated in articles 33 and 34 of the regulatory body. Article 33 is entitled as follows: “Notification of a violation of personal data security to the control authority”. It establishes that, in the event of a violation of the security of personal data, the data controller will notify the control authority. This notification will be made as soon as possible and within a maximum period of 72 hours from when it was recorded.
The minimum content of the communication will be the following:
- Describe the nature of the security breach, including the category and number affected.
- Communicate the name and contact details of the person from whom further information can be obtained.
- Describe the possible consequences of the violation.
- Describe the measures taken to minimize the negative effects, as well as to remedy the violation.
Article 34 establishes the obligation to communicate personal data security violations to interested parties when it entails a risk to their rights and freedoms. Its minimum content will be the same as the communication to be made to the control authority.
In this way, when there is any risk that endangers the confidentiality, availability or integrity of your information, AF gestifinc will notify the Spanish Data Protection Agency, as required by our newly released European Regulation.
We hope that this information has been useful to you.
