Am I obligated to comply with the law?

All companies are required to comply with the law

The registration with the Authorities of databases that include personal data is a legal requirement of any company in any sector. All companies and/or institutions, public or private, that hold personal databases, whether on paper or computerized, are obliged to comply with the law.

What does the law say?

The Law guarantees the processing of personal data and the freedoms of the individuals, safeguarding their fundamental rights, their honour and personal and family privacy.

The purpose of Law 1581/2012 is to develop the constitutional right of all people to exercise their ‘CARS’ rights to Know, Update, Correct or Delete the data gathered about them by companies/entities in databases or files, and other rights, freedoms and constitutional guarantees.

Obligations of companies and/or institutions

• Implement a Manual of Policies and Procedures on Data Protection to ensure compliance with the law.
• Register with the National Register of Databases
• Facilitate the ability of the individuals whose data is held by informing them how to make Queries and Claims about their personal data.
• Designate a person responsible for Data Protection in the organisation.
• Educate and train members of staff that handle personal data.

What are the consequences of not complying?

Sanction Amount / Term:

• Fine of a personal and institutional character: 2,000 x the minimum monthly salary.
• Suspension of activities of up to 6 months.
• Following the suspension, temporary or immediate and final closure.

Benefits to businesses and citizens:

Complying with the Data Protection Act and the transparency it involves improves the image of your company, as well as avoiding fines, while facilitating the exercise of the rights of individuals to their personal data.

Deliverables

Seqqe assists companies and their executives in the steps required by law to enable them to identify and implement Data Protection procedures correctly and in a demonstrable manner:

• The preparation of the procedures manual.
• Creating a privacy policy appropriate to the size and activity of your company
• Staff training, either through the Seqqe e-learning training platform or in person.
• Registering your personal data bases with the Authorities.

Training

– Training for Management and Staff

– Generation of the Company’s Security Manual

Every company/entity must have a Security Manual for Data Protection. This defines the company’s policies on how it handles individual’s data: how it keeps the data secure, what it is used for by the company, who it might be transferred to, how individuals may pursue their rights, and so on. It is a ‘live’ document that your company will use to record its activities as it carries out its Data Protection policies. This ‘living’ document will enable your company to show your commitment to the principle of Accountability and Transparency in your handling of individuals’ personal data.

All employees who handle personal data have to be trained in the company’s policies. We provide on-line training at several levels, each level designed to suit the needs of the different roles and functions in your company.