GDPR requirements are long and complex. Moreover, there is no single solution that can address all of the imposed requirements. Fortunately, meeting them is possible thanks to simplified, dedicated IT tools tailored to these requirements.

Let us therefore look at some of the GDPR provisions:

1. Article 5(1)(b)

Collect personal data only for specified purposes and do not process the data in any manner that is incompatible with the stated purpose(s).

 

2. Article 5(1)(d)

Keep the collected/processed personal data accurate and updated at all times.

 

3. Article 5(1)(f)

Process all forms of personal data with the utmost security and prevent unlawful or unauthorized means of processing.

 

4. Article 5(2)

Demonstrate compliance with the GDPR’s requirements as and when required.

 

5. Article 24(1)

Implement appropriate technical and organizational measures to ensure that processing is performed in accordance with the GDPR.

 

6. Article 25(2)

Personal data should be processed only for the purpose for which it was collected and should not be accessible to those who are not directly involved in these processes.

 

7. Article 30

Always maintain records of all processing activities with details about the reason for processing data, categories of data processed, and security measures undertaken during processing.

 

8. Article 32(1)(a)

Ensure the confidentiality of all processing systems and encrypt personal data by implementing appropriate measures.

 

9. Article 32(1)(b)

Ensure the availability, confidentiality, and integrity of processing systems and services.

 

10. Article 32(1)(d)

Regularly test the effectiveness of implemented security measures.

 

11. Article 32(2)

Always prepare for risks that may arise during processing activities such as loss, alteration, deletion, and disclosure of personal data, and implement appropriate preventive mechanisms.

 

12. Article 32(4)

Take steps to ensure that nobody exploits or gains unauthorized or unlawful access to personal data.

 

13. Article 33

In case of a personal data breach, inform the supervisory authorities within 72 hours. If the notification is made after 72 hours, send the reason for the delay along with it.

 

Meeting all GDPR requirements calls for many solutions, processes, people, and technologies. The solutions we offer will help you meet the regulatory requirements and appropriately prepare and secure your IT resources.