The National Center for Personal Data Protection (NCPDP) performed, on November 17, a training course on personal data protection at the request of the Training Center in the field of Labor Relations. The event was attended by about 150 persons – principals of schools, kindergartens, gymnasiums, but also employees in the medical field.
The topics addressed in the training course covered: principles of personal data protection, rights of personal data subjects, registration of the enterprise / institution as a personal data controller, recommendations on identifying personal data filing systems at enterprises / institutions and requirements on personal data protection regarding video surveillance systems.
Denis Coțofan, interim deputy head of Legal Department, NCPDP, stated that: “if personal data are collected directly from the data subject and at the latest at the time of the first disclosure, the following information must be provided: the identity of the controller or of the processor, the purpose of processing for which the data are collected, the recipients of personal data, existence of the rights of access to data, the right of intervention upon data and the right to object, if the answers to the questions intended to collect data are mandatory or voluntary, as well as the possible consequences of denial to respond”.
Any personal data subject has the right to obtain from the controller, upon request, without delay and free of charge: the rectification, update, blocking or erasure of personal data the processing of which does not comply with this law. This is mainly due to the incomplete or inaccurate nature of the data and the notification to third parties to whom personal data have been disclosed about any operations performed, except where such notification proves to be impossible or involves disproportionate effort towards the legitimate interest that might be violated.
Daniela Movilă, senior State Inspector of Prevention, Surveillance and Evidence Department, spoke during the training course about the notification procedure of the filing systems managed by the personal data controllers. ” Each personal data controller, based on the specific activity, will elaborate and organize the implementation of document provisions which establish security policy of personal data, including the procedures and measures related to implementation of this policy by applying practical solutions with a level of proportional complexity and detailing, for users identification and authentication; the reaction to security incidents, IT and communication protection; to ensure personal data and IT information integrity; access management; audit and evidence insurance”.
The participants in the training asked questions to the representatives of NCPDP regarding the application in practice of the legislation in the field of personal data protection, identification of personal data processing systems but also about the steps that should be followed during data processing.