The legislation regarding personal data protection establishes, among others, the following main duties for the controller of files:
Duty of information
Each data subject from whom personal data is requested must be informed beforehand of the purpose for which their data is collected and of who is collecting it, as well as of their rights of access, rectification, erasure and objection, which may be exercised at any time.
Notification of files
The notification of a file to the General Data Protection Register is compulsory when it involves the processing of personal data ("any information concerning identified or identifiable natural persons") which implies the inclusion of the aforementioned data in the file ("any organized set of personal data, whatever the form or the method of its creation, storage, organization and access").
Processor of data
When access to data by a third party is necessary for the provision of a service to the controller, this processing shall be regulated by a contract which must be in writing or in any other form which allows its performance and content to be assessed.
Data security
The controller of files, or where applicable the processor of data, must adopt the technical and organizational measures necessary to ensure the security of the personal data and prevent its alteration, loss, and unauthorized processing or access. The different measures to be established (e.g. access control, management of media, procedures for making backup copies and recovering data, etc.) will be set out in the so-called security document.
For further information about the adaptation to the legislation regarding personal data protection, send a message to: info@masdevall.com
Member of the Barcelona Bar Association.
© 2002-2008 Jordi Masdevall. All rights reserved.