The new rules of the administrator system to be adopted by organizations, both private and public by the date of December 15 (except extensions, however, unlikely since there is already a delay of up to 6 months).
Privacy
The Guarantor has no requirement for the appointment of administrators to the system only for certain types of companies and provides for the exclusion of SMEs and companies that deal with administrative data-sensitive accounting and whose only data those of its employees on the state of health, illness (excluding diagnosis). These are the companies that benefit from the self-declared alternative to the DPS and the DPS simplified (under Article 34 Privacy Code). But remember that you only need one or sensitive data to trigger the judiciary.
Small and medium-sized enterprises are defined by Article 2083 Civil Code and regulations specifying that European SMEs are those enterprises which employ fewer than 250 employees and have an annual turnover not exceeding EUR 50 million.
The Guarantor has also provided the traceability of the activities of these obligation with the tracking log file access (log in and log-out), and therefore not all the activities, and hold them for at least 6 months. He predicted that these log files should eesere intact, verifiable and will not change, all of which will incur an overhead and administrative costs as well as considerable cause for further concern about the application. Small and medium-sized enterprises are defined by Article 2083 Civil Code and regulations specifying that European SMEs are those enterprises which employ fewer than 250 employees and have an annual turnover not exceeding EUR 50 million.
But reading the FAQ Garannte are clarified some of the modalities of implementation. To achieve
such measures would be implemented, for example, the log server or software for interfacing with SQL databases, perhaps encrypted with asymmetric keys, also in communication with the server, and perhaps in the back-end behind the firewall.
such measures would be implemented, for example, the log server or software for interfacing with SQL databases, perhaps encrypted with asymmetric keys, also in communication with the server, and perhaps in the back-end behind the firewall.
There are several computer security companies that have in fact prepared ad hoc solutions such as GFI. In a number of courses offered
doubt I noticed on the figure of the system and its interaction with the figure of the owner of the personal data or manager: in reality the system administrator should not be the one who can do everything and control systems but is a technician who must be audited by their agents. His figure may be as the responsibility of the person or the simple, but in any case, the Ombudsman stated that a figure should be clearly identified and named in the DPS, as well as the choice for specific requirements of capacity, reliability and experience. Moreover, the disclosure under Article 13 shall also contain a list of all the generals and administrators. It will then
holders and / or responsible for verifying the function of directors with annual updates and revisions.
doubt I noticed on the figure of the system and its interaction with the figure of the owner of the personal data or manager: in reality the system administrator should not be the one who can do everything and control systems but is a technician who must be audited by their agents. His figure may be as the responsibility of the person or the simple, but in any case, the Ombudsman stated that a figure should be clearly identified and named in the DPS, as well as the choice for specific requirements of capacity, reliability and experience. Moreover, the disclosure under Article 13 shall also contain a list of all the generals and administrators. It will then
holders and / or responsible for verifying the function of directors with annual updates and revisions.
0 comments:
Post a Comment