Whenever we talk about cloud services, it is inevitable to talk about Internet security and the protection of personal data. But there is always the temptation to say: "Adapting to the LOPD is very complicated and nothing is likely to happen to me." Until it happens, of course, and then excuses are worth nothing.
How can we ensure that we meet the requirements of the Organic Law on Data Protection? And what sanctions would we face if we failed to do so? Since prevention is better than cure, below I explain what would happen if you do not adapt to the Organic Law on Data Protection as soon as possible.
Types of infringements and sanctions
The infractions you can commit range from minor to very serious. Sanctions are imposed within a number of bands, depending on the assessment of each specific case.
Minor infractions: you must pay between 900 and 40,000 €.
There are a number of infractions classified as minor. For example, not attending to people who ask you to rectify or cancel the personal data they have provided to you. Imagine that a user asks you to delete their information from your database because they do not want to remain subscribed to your newsletter or receive more sales emails. If you do not, you would be processing their personal data unlawfully and committing an infraction.
Other infractions of this kind are administrative, such as collecting data without the prior consent of the owner, not enrolling in the General Registry, or not making the relevant notifications to the Spanish Data Protection Agency.
Serious infringements: between 40,000 and 300,000 €.
These sanctions carry a higher economic amount. For example, failure to meet the appropriate security conditions is a serious violation. If your site does not work with encrypted information, or you upload your customer databases to cloud storage systems such as Dropbox or Google Drive, you are committing a serious infringement.
The same applies if you use the files that have been provided to you for a purpose other than the one for which they were given. Or if you collect data from people without first asking for consent (take note, those who look for e-mail addresses on the Internet to send advertising without asking permission). These are serious infractions that can carry a sanction for the company.
Very serious infraction: between 300,001 and 600,000 €.
When, in addition to breaching the Data Protection Act, you continue to do so repeatedly despite the complaints and communications you receive, a serious infraction becomes a very serious one. The same happens when you transfer personal information to servers located in other countries where the level of protection of personal data is not strong enough to ensure the rights of users.
In short, protecting the personal data of your customers, the users of your website and your e-mail list is essential if you do not want to get a scare at some point for having harmed someone. Remember that, ultimately, you can only reduce the amount of the penalty.
It is important that your company decides to adapt to the Data Protection Act as soon as possible to prevent such problems. Does your company meet these requirements?