Post by account_disabled on Mar 10, 2024 4:16:15 GMT
Protection of persons who report breaches of regulations and the fight against corruption, states that the administrative body or governing body of each entity or body obliged to by the law" 29 May 2023 News This article is the result of the debate produced in the Session: “Labor and data protection issues in Law 2/2023 of February 20 on the protection of the informante" Article 5 of Law 2/2023, of February 20, regulating the protection of people who report on regulatory violations and the fight against corruption, states that the administrative body or governing body of each entity or body required by law, in addition to being responsible for the implementation of the internal information system, will have the status of person responsible for the processing of personal data in accordance with the provisions of the regulations on protection of personal data. It supposes, then, an attribution former legem of the status of data controller. It is not idle to remember that this figure is defined by the General Data Protection Regulation with very precise contours.
Responsible for the treatment" or "controller": the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law; On the one hand, there is an attribution of roles of a material nature based on the identification of the entity or subject with material decision-making USA Phone Number capacity. On the other hand, when the law makes these decisions, it can also attribute to a specific subject the condition of responsible. This is not a controversial issue. What is debatable will be whether the legislator's choice is correct. On many occasions, with the freedom that academia grants us, we have criticized laboratory solutions. And this undoubtedly is since it can become inefficient or problematic for different reasons. The first, and most elementary, returns us to the material approach. The law not only defines the ends and the means, it also promotes a certain management model.
Its article 8, when regulating the designation and functions of the person in charge of the internal information system, identifies the person or collegiate body that, based on a statute of independence, will make ordinary management decisions. Statute that, far from being affected, would have been enriched by being attributed the status of data controller. And this for many different reasons. The first since the transparency and reliability of the system, as well as its accessibility. Given the importance of his decision, it will usually be that the complainant carefully check the legal information including privacy policies: What will you understand when you read that the person responsible for the treatment is a "Board of Directors", with respect to which you will raise any type of communication? The caller did not obtain the privacy certification from the AEPD and could understand that the "information system" that was going to protect his identity is directed by those who he intended to denounce. If so, no one in their right mind would file a complaint. And although it will be affirmed that what "common sense" has little legal or rational value, when it is regulated it is worth putting yourself in the place of people who will not notice these dogmatic delicacies.
Responsible for the treatment" or "controller": the natural or legal person, public authority, service or other body that, alone or jointly with others, determines the purposes and means of the treatment; if Union or Member State law determines the purposes and means of processing, the controller or the specific criteria for his appointment may be established by Union or Member State law; On the one hand, there is an attribution of roles of a material nature based on the identification of the entity or subject with material decision-making USA Phone Number capacity. On the other hand, when the law makes these decisions, it can also attribute to a specific subject the condition of responsible. This is not a controversial issue. What is debatable will be whether the legislator's choice is correct. On many occasions, with the freedom that academia grants us, we have criticized laboratory solutions. And this undoubtedly is since it can become inefficient or problematic for different reasons. The first, and most elementary, returns us to the material approach. The law not only defines the ends and the means, it also promotes a certain management model.
Its article 8, when regulating the designation and functions of the person in charge of the internal information system, identifies the person or collegiate body that, based on a statute of independence, will make ordinary management decisions. Statute that, far from being affected, would have been enriched by being attributed the status of data controller. And this for many different reasons. The first since the transparency and reliability of the system, as well as its accessibility. Given the importance of his decision, it will usually be that the complainant carefully check the legal information including privacy policies: What will you understand when you read that the person responsible for the treatment is a "Board of Directors", with respect to which you will raise any type of communication? The caller did not obtain the privacy certification from the AEPD and could understand that the "information system" that was going to protect his identity is directed by those who he intended to denounce. If so, no one in their right mind would file a complaint. And although it will be affirmed that what "common sense" has little legal or rational value, when it is regulated it is worth putting yourself in the place of people who will not notice these dogmatic delicacies.