Data Privacy Compliance in the Cloud
Made Easy

Understand Cloud and Data Protection Law in only 4 easy steps. Plus highly relevant legal information for 33 countries. Provided by EuroCloud and 53 European lawyers.

The Spanish Data Protection Authority (AEPD) issues a check-list on regulatory compliance

06.07.2018

The Spanish DPA issued a check-list regarding regulatory compliance to facilitate the implementation of GDPR.

According to the DPA, this is a basic method that makes it possible to identify and verify the requirements established in the GDPR. It includes useful aspects for verifying the level of compliance, so that the necessary measures can be implemented.

This check-list complements other materials previously issued by the DPA like the Risk Analysis and Impact Assessment guidelines.

Those can be found at https://www.aepd.es/media/guias/guia-analisis-de-riesgos-rgpd.pdf and https://www.aepd.es/media/guias/guia-evaluaciones-de-impacto-rgpd.pdf. These materials, which constitute a tool to help reach compliance, complement the Risk Analysis and Impact Assessment guides and the road map made by the Agency for companies and private organizations.

The Regulation establishes that those who process data must apply a set of measures to comply, and be able to demonstrate that they comply, with the new principles and rights included in the new regulation. It also states that the risk analysis processes must be carried out objectively, consciously and verifiably by those responsible. In this task of identifying the risks for their subsequent management, the compliance risks associated with the regulatory framework must be taken into account. Thus, it includes the need to keep all the processes documented in order to demonstrate diligence in compliance and accountability. The analysis carried out when completing this list can be incorporated into that document base; each organization has to interpret the result obtained and address the possible shortcomings that have been detected.

The regulatory compliance check-list is designed as a basic method that allows the controller to obtain an overview of the degree of compliance with the GDPR of a personal data processing operation, this overview being especially useful for both the risk analysis processes and the impact assessments. The check-list lists the items that should be analyzed to guarantee that the data processing operations are being carried out in accordance with the new regulations. The document is divided into 29 blocks, among which are those related to transparency in the information to be provided to citizens, the exercise of rights, the registration of activities, security measures or international transfers.

The check-list can be found on the DPA website: https://www.aepd.es/media/guias/guia-listado-de-cumplimiento-del-rgpd.pdf.

Article provided by: Belén Arribas, Andersen Tax & Legal

Discover more about the Cloud Privacy Check (CPC) / Data Privacy Compliance (DPC) project

Director CPC project: Dr. Tobias Höllwarth, tobias.hoellwarth@eurocloud.org

WHAT IS THE DPC/CPC PROJECT?

53 lawyers from 33 countries are contributing to the project “Data Privacy Compliance (DPC)/Cloud Privacy Check (CPC)” in 26 different languages.

Understanding the complexity of current European data protection laws and regulations is already difficult enough for an IT engineer, buyer, or business user. In combination with the often small but nevertheless significant differences between various EU member states, however, it can become an almost insurmountable challenge without proper juristic accompaniment from the very start...

CPC MISSION & VISION STATEMENT, 2018

The CPC is a trusted, not-for-profit international network of qualified professionals who deliver simplified and straight-forward guidance to help navigate the legal and regulatory environment relating to privacy and the cloud. This is done through collective know-how, research and market analysis gained from pan-European industry activity, collaboration and experience. Our mission is to provide authoritative views, information and practical solutions to two principal stakeholders: industry professionals and public authorities.