A few days ago I had an interesting conversation with Eric, expert on LOPD, where we discussed the most common arguments used by astute commercial with just to get a client to accept an adequacy of their treatment of personal data. At the end of the conversation a question is was hitting me in the head. Okay everything?. In the years that I’ve been delving over the law have met reasoning each more surprising: sanctions: use fear to which customers could be fined up to 600,000. While it is true, this is one of the more vague arguments that I have heard and also the most widely used.
Inspections: Do believe the AEPD is sending inspectors by companies form increasingly common and random so it can be visited soon and if they do not comply with the data protection act will be fined. Up to where I was, AEPD only acts ex officio to verify the degree of compliance by a particular business sector or under complaint by an affected. Company approved and certified: sold as authorised by the own AEPD company and which issue certificates of adequacy. The AEPD is not a standardisation or certifying agency and so far has no official certified concluded with no private or private entity. Neither requires approved title for provision of advice in the field of data protection. These certificates have no value, nor guarantee anything by the AEPD. Hopefully this will change in the near future, but now anyone could make an adaptation to LOPD and mission of the customer choose a professional in this field. Adaptations to zero cost or by Internet: offer adjustments to the data protection act free of charge provided that accept subsidized/subsidized training courses or make adaptations very economic by Internet (distance). Allow me to doubt the credibility that might have such solutions usually incomplete. As an example, most of the time consultants make only a partial adaptation in which implemented the organizational measures leaving aside the technical measures.