Protect the data managed by your SME and comply with current regulations. We explain you how to do it.
Data are fundamental for the correct development of a company's business. Nowadays, the use of new technologies is so common that almost all companies have become accustomed to their daily use, and it is seen as something normal.
It may seem complicated to collect and manage personal data, but those are found and generated in many of the daily activities carried out by SMEs: website activity, social media, feedback on the products or services sold by the SME, or who purchases these products or services, among many other ways.
The first section of the monograph explains what data protection is and the importance of protecting it.
In order to know what data to protect, it is necessary to know what data are and the different types of data: personal and non-personal. Many of these data, if misused, can pose a threat to the privacy of individuals or entities, and could also be illegal.
For this reason, the same section of the report explains the key points on technical compliance with data protection and the different tools of the Spanish Data Protection Agency (AEPD) and the National Institute of Cyber Security (INCIBE) to check whether data protection is being carried out correctly.
Facilita RGPD, Gestiona EIPD, Facilita Emprende and Servicio Antibotnet are the tools that, free of charge, companies can use to check compliance with data protection legislation and how their company is adapting to it. The report details the purpose of each of the tools and how to use them to support legislation compliance.
It is just as important to comply with data protection rules as it is to be able to prove it by updating the relevant documents, so the report sets out the different documents that companies must have constantly updated for authority’s verification.
Since the General Data Protection Regulation or GDPR became directly applicable in Spain in May 2018, data protection has become a recurring topic in the business world, for both large and small and medium-sized companies. In this sense, the report gathers all the information that Incibe points out for compliance with the GDPR by SMEs.
Do I have to comply with GDPR? how do I comply with the regulation? These are some of the questions that you will be able to answer with the report in a simple way. As well as whether your company's data processing is considered high-risk and how to act in this regard.
In the third section, the report sets out the most common problems and errors that SMEs have when handling data, providing a list of regulatory compliance, developed by the AEPD to be able to check whether your company may have any problems or errors in the processing of data.
Even when aware of the obligations, mistakes can be made by companies that could lead to fines or penalties for non-compliance. The last section of the report details the sanctions applicable for non-compliance, as well as some examples of fines imposed on SMEs for non-compliance.