By Pablo A. Palazzi
Data Protection Agency issues audit regulation
The Data Protection Agency (DPA) issued Disposition 5/2008 detailing the procedure to perform audits in data controller. The aim of Disposition 5/2008 is to regulate how audits take place and to describe audit stages. Under this new regulation, the data protection agency will send a note with a questionnaire to the company several days before the inspection. Later, the DPA could visit the premises, request access to the databases, and verify compliance with security regulations, registrations, and other requirements of the law.
Data Protection Guidelines for the public sector
The Data Protection Agency has approved, by Disposition 7/2008, the "Guidelines for good data protection practices in personal databases of the public sector." The guidelines explain the application of data protection rules in government databases. They also include a sample confidentiality agreement for the public sector, and the DPA explains the relationship between data protection law and freedom of information regulations.
Data Protection Agency postpones deadline for security measures