Online Reputation and compliance with the Data Privacy Law for web pages and online business
Do you want to build a good online reputation among your clients and customers based on legal compliance standards? Yes?
These are the steps to follow:
✓ There is a digital community of consumers that is creating a digital behavior regarding the purchase of products and services. A client´s complaint can cause that other clients stop buying the products or services from your web page affecting your reputation and therefore, the possibility to make profits.
Acting in compliance with the law in Internet can avoid behaviors from clients and consumers that can be very damaging to your business and can help to generate more sales.
✓ To be in compliance with laws in the Internet, you shall comply with the Data Protection Law and the Law of Services of the Information Society and Electronic Commerce. It is advisable to enable the means in your web page to facilitate the resolution of any claims, incidents and/or complaints, or to adhere to a dispute or claims resolution procedure to create a good reputation.
See below a list of simple steps to comply with the Spanish Data Protection Law and to have a privacy policy so that your business will operate legally in the Internet:
✎ Legitimize the personal data informing data holders about the processing of their data, the purpose of the processing and obtaining their consent thereof.
✎ Facilitate the exercise of the ARCO rights (access, rectification, correction and opposition), by the data holders, establishing a methodology that it is easy to exercise.
✎ Implement the technical and organizational security measures that are adequate pursuant to the type of personal data that is used, that guarantee the security of the data, and avoid its alteration, loss and non-authorized processing or access. Start implementing protection and privacy measures by design, that is, design your applications securing the privacy of the personal data that is processed, since this will be a requirement when the new European Union data privacy regulation applies.
✎ Prepare and keep the Security Document reflecting among others, the security measures to protect the data, system structure, users, incident handing, responsible person for the processing, etc,… and keep it update in case of changes.
✎ Establish a performance protocol in the event that a security breach occurs, for instance, in case of an illegitimate access to your systems that causes the loss and dissemination of confidential data, such protocol will allow you to act timely and within the legality to overcome such situations.
✎ Enter into the contracts that authorize you to assign the personal data to third parties (for instance, service providers), execute the so called “standard model clauses” or the “corporate binding rules” that allow you to assign the data internationally (for instance, to your parent company located outside the Spanish or EU borders), or obtain the consent of the data holder for the assignment of data when required by law.
✎ Execute confidentiality agreements with your employees and third parties to preserve the secrecy of the data, to avoid its dissemination and to alert them of the consequences of the breach of such obligations.
✎ Register the files with the Data Privacy agency, either automated or manual, the files containing personal data shall be notified and registered with the Data Privacy Agency, along with its modifications.
✎ Create an internal protocol applicable when the use of the personal data terminates (for instance, when an employee leaves the company), setting forth the legal time of maintenance of such data, and adopting adequate measures to avoid the commercial and business use of the same.
✎ Provide training to your employees regarding the applicable Data Privacy law and specially, the compliance with the security measures implemented internally in the company for the protection of the personal data.
What are you saving, avoiding or favoring acting in this manner?
➾ Be subject to high fines imposed by the Spanish Data Privacy Agency, that can go up to 600,000 Euros for very serious breaches.
➾ Preserve a good digital reputation for your business and generate sales.
➾ Apply legal compliance standards in the Internet generating consumer´s trust and adequate Corporate or Social Responsibility Practices.