The aepd (Spanish data protection agency) makes available an assistant that will tell you what to do with the processing of personal data with a low level of risk.
This help tool for companies that carry out low-risk personal data processing for compliance with the General Data Protection Regulation
The mere obtaining of the documents provided by the tools of the AEPD does not imply, in any case, the automatic fulfillment of the obligations that the RGPD and the LOPDGDD establish for the users. responsible and in charge of the processing of personal data, in particular regarding the principle of active responsibility that the RGPD develops in its Chapter IV. These are initial help documents aimed at facilitating the understanding of said obligations and initially addressing them appropriately.
Based on the documents obtained, those responsible and in charge of personal data processing must carry out as many adaptations as may be necessary in a particular way for each personal data processing; taking into account the risks that for the rights and freedoms of natural persons could derive from said treatments depending on their nature, scope, context and purposes (Recital 76 and Article 35.1 of the RGPD).
The General Data Protection Regulation (RGPD) has been applied since May 25, 2018. In order to facilitate adaptation to the RGPD for companies and professionals (persons responsible or data processors) that process personal data with little risk to the rights and freedoms of individuals, the Spanish Agency for Data Protection makes the tool available to you.
It is an easy and free tool. Once its execution is finished, the data provided during its development is eliminated, so the Agency can in no case know the information that has been provided.
It has been designed as a useful resource for any company or professional, since with only three screens of very specific questions it allows those who use it to assess their situation regarding the processing of personal data that it carries out: if it adapts to the requirements demanded to use Facilita RGPD or if it must carry out a risk analysis.
Facilita RGPD may not be used for processing that implies a high risk for the rights and freedoms of individuals, such as health data or massive data processing, among others.
The tool generates various documents adapted to the specific company, information clauses that must be included in your personal data collection forms, contractual clauses to attach to the treatment manager contracts, the record of treatment activities, and an annex with indicative security measures considered minimal.
Facilita RGPD is aimed at companies that process low-risk personal data, such as personal data of customers, suppliers or human resources.
Keep in mind that Facilita RGPD is a help and, therefore, the resulting documentation must be adapted and updated to the situation of the treatments that are carried out in your entity. Obtaining the documents does not imply automatic compliance with the RGPD.