We forget that the protection

Rubi0000

Managers and people responsible for HR processes often have a vague or distorted understanding of processing operations "I do not process personal data I only collect CVs..." "Well... I write down the phone number and name when someone calls me in Excel but I don't create any database I don't process personal data..." If we do not properly identify the processes do not create the appropriate course of action do not prepare one of the number of documents required by the GDPR for example a register of processing activities or a register of categories and most importantly we do not identify the risks that may be associated with our activities in the area of ​​personal data processing.
  
We pay too much attention to documentation forgetting that documentation never ends of personal data is a continuous process and not a one off process this results for example from Article d of the GDPR regular testing measurement Phone Number List and assessment of the effectiveness of technical and organizational measures to ensure the security of processing. . After a thorough analysis of the provisions of the regulation and the explanations contained in the preamble it should be noted that the entire process of processing personal data must be based on the risk associated with it. The risk must be successively measured and the applied processes modified to keep up with the risk.



You can often come across a project approach probably taken from the PRINCE methodology in which the last step is the closing of the project which usually ends with the adoption of a management resolution on the implementation of the Personal Data Protection Policy PODO with annexes. In the case of the personal data protection process this methodology will not be correct in the long run. Personal data protection does not end with the implementation of appropriate organizational solutions in the form of PODO it is a continuous process that only begins after the introduction of policies it is PRINCE without the seventh final stage project closure. This is absolutely something to keep in mind.