LOPD Audit and LSSI

Online trade has brought with it many advantages but also great responsibilities. Working online involves managing personal information from many users and protecting their personal integrity is one of the goals of this new network society. To certify that a company is properly dealing with the data of its customers, it is required to submit an audit LOPD and LSSI.

What is a data protection audit?

This type of report is done to verify correct implementation of security measures which must carry out an organization in accordance with the Organic Law on Data Protection (LOPD) and the Law on Services of the Information Society and Electronic Commerce (LSSI or LSSICE). To comply with the LOPD regulations, this report must be carried out in a manner compulsory every two years in all companies dealing with personal data medium-high level. That is, if you handle data from customers, employees, collaborators, suppliers, etc. You will also have to present this file when there has been a significant change in the type of information that is involved, then needing modifications to the security system, even if it has been less than the stipulated time. This report should be made available to the Spanish Data Protection Agency (AEPD or AGPD) or to the control authorities of the Autonomous Communities.

Should I also take into account the Cookies Act to comply with the LOPD?

I definitely do. AEPD is also responsible for verifying that companies comply with the cookies regulations. Cookies are information sent by a website that is stored in a user's browser and serves to know your previous activity. In order to comply with the law, it is essential to notify all users of your use on our site to give us your permission. You can view all information regarding the use of AGPD cookies in the following link:https://www.agpd.es/portalwebAGPD/canaldocumentation/publications/common/Guias/Guia_Cookies.pdf

What if I don't comply with the Data Protection Regulation?

One of the first causes of not complying with the LOPD and LSSI, as with the rest of the laws, is that it carries a sanction. According to the Organic Law on Data Protection, not presenting the audit is an grave breach which carries economic fines from 40.001 € and 300.000 € could even reach the 600.000 € for offences considered Very serious. You can see it. here..

Power over personal information only belongs to your owner

But, leaving aside economic penalties, failing to comply with the LOPD and LSSI regulations further means violating the right to personal privacy of all persons who have given you consent to manage their data, relying on your good doing. It's your responsibility manage such information and ensure its confidentiality. Transgressing this rule would not only entail the distrust of all your customers if not also an important blow to the reputation of your company. So, if you're thinking of ceding the data, taking advantage of it for your marketing campaigns, using the files for any different purpose for which they were created or, simply, you're not saving the information with the required security, think twice, because it can mean the end of your business.With the law don't play it and trust only professionals. That's why in AlabazWeb Pro we have the collaboration of a team of specialized lawyers in the field of electronic commerce and data protection. They endorse years of experience in conducting audits in all types of companies and sectors.

If you are not sure if you must perform the data protection audit of your company or if you are complying with the current regulations, do not hesitate and contact us. We'll take care of informing you of everything you need.