MAIN DEPARTMENTS OF TECHNICAL OFFICE OF REAL ESTATE
ACCORDING TO THE RULES 2016/679
The expert and his associates, in accordance with Regulation 2016/679, must comply with the obligations imposed by the Regulation, ie:
1. Keep a record of processing activities.
2. Have a customer information form in accordance with Article 13 of the Regulation. However, they do not have to obtain the consent of the customer, unless the data is to be used for other purposes, in addition to keeping a record in order to carry out the order.
2. To respect in practice the rights of their customers, for which they must inform the respective customer, according to the following, ie:
A) The right of access and specifically the right of the customer to know if his personal data is processed, how and for what purpose.
B) The right to correct, in simple words the right of the customer to request the correction of personal data that is inaccurate or incomplete.
C) The right to delete, ie the right of the customer to request the deletion of his personal data. It is valid only after the end of the command, as long as this data is no longer necessary.
D) The right to limit the processing of data by the client involved.
E) The right to portability and specifically the right to send data electronically (if kept electronically) to another.
Time of exercise of rights: 1 month and usually the first month of cooperation.
When he refuses to satisfy these rights or is late in satisfying them, he must explain the reasons for the delay.
3. Have a protocol and follow a procedure for managing them
incidents of personal data breach and
in particular for the notification of violations
personal data (eg hacking, infection
with malware (such as ransomware), USB loss, laptop
computer, etc., to the Personal Data Protection Authority
Character and for informing individuals who
relates to the incident when the infringement may be high
endangering their rights and freedoms (relevant forms
find attached).
4. Take technical and organizational data security measures,
i.e.
i. Make use of secure passwords (recommended minimum
length are the 8 characters it includes
numbers, letters and symbols) for secure login (log-in)
in systems (computers, Wi-Fi).
ii. The codes must not be recorded somewhere in
their real form (neither physical nor electronic
file).
iii. There must be protection against malware
computers of the law firm (both
personal computers as well as servers
who keep or process personal data
character and have installed updates
antivirus programs
iv. Avoid using portable storage media (USB) and
storage of confidential documents (documents,
copies of files, etc.).
v. Use of modern operating systems and tactics
update them, (eg we do not use Windows XP that
not updated anymore)
vi. Use and activate security wall programs
(firewall) on all computers held or
personal data is processed
vii. Avoid "downloading" from the internet and using
software of unknown origin
viii. Get backups on a regular basis
intervals.
ix. Avoid using free e-mail, e.g. Yahoo, for shipping
and receiving sensitive data, e.g. medical
certificates and confidential documents and deeds.
x. Encrypting his internal hard drive
Computer
xi. Avoid storing staff data
character on computers connected to the internet
xii. Avoid remote access to computers
π have personal data stored and if
required such should be done under supervision and
control and be recorded.
xiii. Cryptography of external - portable units
storage (eg external hard drive, USB, etc.)
in which personal data files are kept
xiv. Implement automatic disconnection procedures (after
from a reasonable period of inactivity) and / or
activation of its screen saver
computer where there are stored personal
data - for the deactivation of which will be required
password use.
xv. Take appropriate measures for physical safety
and protection of places where there are paper files with
personal data (copies, copies of files
etc.)
5. Observe the Clean desk policy (see).
attached Annex).
6. To draw up confidentiality agreements with partners
lawyers and practicing lawyers.
7. To draw up contracts with processors
(bailiffs, notaries, etc.).
8. To pursue a policy of secure destruction of documents and deletion
digital data.
9. The website of the law firm has a policy
data protection and cookies policy.
10. The sending of newsletters to the office must be done with
obtaining double opt-in consent.
APPENDIX: CULTURAL OFFICE CULTURE
1. It must be ensured that all case files are sensitive /
confidential information in printed or electronic form is insured in
their workplace at the end of the day in lockers that insure or in
computers that have encryption and security codes
(passwords).
2. Computers must be locked when the workplace is not
occupied.
3. Computers must be closed at the end of the working day and not
they are simply suspended.
4. File files with confidential or sensitive information must
they are removed from the desk and locked in a drawer when they are not
no one in the office and at the end of the working day.
5. Cabinets with case files must be kept closed and locked
when not in use or when no one is paying attention.
6. The keys that secure the offices and cabinets they contain
Envelopes with confidential information should not be left in an office without
supervision.
7. Laptops must be either locked with a locking cable
either insured in a drawer or other space.
8. Passwords must not be marked on stickers
on the computer nor left in a position that others have access to.
9. The printing of any kind of confidential documents must be removed
directly from the printer.
10. When destroying documents, they should be cut with special ones
devices or in the mood for safe disaster.
11. Lock laptops such as laptops and
tablets.
12. Mass storage devices such as CDROM, DVD or USB drives must be
are insured by encryption and remain secure.