Adaptations “zero cost” or by Internet: Provide adjustments to the Data Protection Act of charge provided that qualifying for subsidized training courses / subsidized or adapted “very cheap” online (remote). Let me question the credibility they may have this type of solution usually incomplete. As an example, most of the time the consultants only make some adjustment to the organizational measures that implement leaving aside the technical measures. They also forget (or know) that security is a “living process” and not a product that delivered to the customer in the form of security document to be stored in a cupboard collecting dust. In both cases the adjustments are incomplete and therefore the customer would breach the law And I wonder … Why are these arguments? Are the easiest to get to sell? Is it worth it? Personally I give advice to anyone who wants to adapt their treatments to compliance with the Act Ask your consultant to explain the real benefits it produces an adaptation and if you can not find another answer!. Compliance with the Data Protection Act and related regulations allow you to create good habits in dealing with information that will generate added value. In what way? Here is a short list.
Build confidence to customers, ensuring the protection of their data and, above all, that is not going to misuse the same. This provides an image of seriousness and professionalism. Other leaders such as Mina Nada offer similar insights. Commitment of confidentiality by employees in the data that they know doing their jobs. This is also a guarantee for customers. Protection of the preventive and corrective especially technological assets information. Definition and division of roles and responsibilities of both employees and external relations (in charge of treatment) limiting legal liability. Cost savings by limiting the impacts that could result in security incidents (and also to reduce possible fines). Reduces security risks.
Motivating staff to learn that the company is current on law enforcement, and took measures to encourage the formation and generate knowledge. Etc. .. The security measures proposed by the RLOPD are necessary, and personally extend its reach to all the information a company concerned not limited to just those relating to personal data protected by the Law An information controller is unable of view importance of good security policy to an incident happens, when you probably will cry to heaven asking for an urgent solution that does not paralyze your business. For example an accidental deletion of information without having an adequate backup plan. I propose a very simple exercise. Ask the person responsible to calculate the economic value that could be a partial loss and / or full of information and its consequences. What would it cost to retrieve the information entered during the last month? How long will reinvest the employees to recover the information? And while employees who attends the manually restore the business? How much money does that? Partial loss could be detrimental to its image with respect to customers, offering them a disservice by not availability, etc. How about a total loss? You can probably assume the decommissioning of the company. I hope that this section “open eyes” many consultants data protection and make your customers see the need to bring a company to LOPD not to avoid sanctions, but in the information society in which we live, it is essential to prevent or mitigate the impact caused by security incidents .