What are the 5 most common mistakes when complying with Law 1581?

[shukla7789]

Posted by

Oscar Ordonez
No comments
Within the process of implementing the requirements defined by the regulatory framework of the Personal Data Protection Law, errors may occur; some of them are due to ambiguities in the law, others simply due to incorrect interpretations or poor advice. However, there are 5 common errors that occur during the process of developing an implementation that guarantees compliance with the regulatory requirements. These 5 errors are:

Copying a Policy : This is one of the most common practices, and it is because unfortunately many managers within companies have the idea that any policy will work or apply to their company, that it is just a matter of copying and pasting to simply comply with the legal requirement, to the point that many do not even take the time to ios database the email, phone or company information from which they copied the policy. It is very important to understand that each company's policy must be the result of an internal analysis that reflects the reality of the company.
Proof of authorization : Many controllers do not consider this legal requirement as part of their compliance process and only when the owner or the control entity requests the aforementioned proof of authorization is when they ask questions such as: what do we do now?, where is it?, who has it?, among others. Controllers must consider this requirement as one of the most important since it constitutes legitimate proof of the authorization received by the owner to carry out the data processing.
Inadequate Support : Due to the increase in demand for consulting, advice and support in relation to Personal Data Protection and mainly for compliance with what is related to the National Database Registry (RNBD), a countless number of offers associated with this type of services have been generated, this is where many companies that act as responsible parties make serious mistakes, since as usual decisions are made based on price and not on the quality or clarity of the contracted services. Be very aware of who and what they are offering you when you are asked to make a financial investment, saving today can cost you dearly later.
Believing that the RNBD is everything : The national database registry (RNBD) is only one part of the requirements for true and adequate compliance with the protection of personal data. The main factor that has fostered this error is that there are currently companies ( without adequate knowledge ) that, in their eagerness to take advantage of the existing demand in the market, sell an incomplete and incorrect concept of what compliance with the requirements of the Personal Data Protection Law really entails.
Leaving it to the last minute : Complying with the requirements of the Law is a task that companies, as those responsible, should have already started, since adequately complying with the norm does not only mean carrying out the RNBD, but also developing policies, procedures, risk analysis, incident management, evaluation and monitoring, among others. If you have not registered or have already done so and believe that this is enough, do not worry, since the SIC compliance evaluations are focused on verifying demonstrated responsibility.
From all of the above we can draw two conclusions: be careful when hiring the services of companies to advise you on compliance and make sure you know and understand all the requirements that you, as a responsible party, must meet.