Data Protection Agency issues Audit regulation
The Data Protection Agency (DPA) issued Disposition 5/2008 establishing the procedure to perform audits in data controller premises. The aim of Disposition 5/2008 is to regulate how audits are going to take place and to describe its stages. Under this new regulation the data protection agency will send a note with a questionnaire to the company several days before the inspection. In a later stage, the DPA could visit the premises and request access to the databases and verify compliance with security regulations, registrations and other requirements of the law.
Through Disposition 7/2008 the “Guidelines for good data protection practices in personal databases of the public sector” have been approved. The Guidelines explain the application of data protection rules in public sector databases. The Guidelines also include a sample confidentiality agreement for the public sector. In these Guidelines, the DPA also explains the relationship between data protection law and the freedom of information regulations.
For further information on this topic please contact Pablo A. Palazzi