Guide of Impact on the Personal Data Protection
On January 29, to commemorate the International Data Protection Day, the control authorities of the countries of Argentina and Uruguay prepared a Guide for the study of Impact on the Personal Data Protection. Hose main objectives are:
1) minimize the risks of projects faced by entities –publics and privates- that manage personal data.
2) the implementation and standardization of preventive rules to which these entities must comply when carrying out said projects.
3) By developing an Impact Assessment, comply with current regulations on the matter.
The document begins by enunciating general concepts within which the one that stands out the most, is the meaning of ¨personal data¨ -because of its breadth-, encompassing all kinds of information, not only of individuals but also legal entities, in line with current regulations in the countries of Argentina and Uruguay.
Then, the need and importance of carrying out risk assessments that could affect personal data through its treatment is determined in the different projects or operations carried out by both public and private entities. These evaluations require going through different phases ranging from internal/operational matters, through regulations and security measures to be adopted, until finally reaching the preparation of the guide that will serve as the basis for the treatment of personal data that will be involved in the development of the activities carried out by the company.
Finally, and from the previous phases, the risk analysis that involves the development of the project or operation for the treatment of the data, through the phases of its development, is prepared. It should be noted that not only personal data is involved in any project, but other constitutional rights recognized such as the right to honor, self-image and privacy are collaterally achieved.
Implementation of an EIPD
As a corollary, the implementation of an EIPD in each project that a company develops and that involves the use of personal data is necessary to fully comply with local regulations on data protection. In the event that the risks of data collection and processing are high, it should be weighed if the measures developed, manage to minimize them, or if, on the contrary, they also pose a high risk, to which alternative ways of managing the data should be sought. In this way, the law and its postulates comply.