Tool designed to support companies that carry out low-risk data processing in their compliance with the General Data Protection Regulation
The General Data Protection Regulation (GDPR) applies from 25 May 2018. For the purposes of streamlining adaptation to the RGPD to companies and professionals (data processors or data controllers) that process personal data which entail a low-risk for the rights and freedoms of persons, the Spanish Data Protection Agency has made available for you the tool.
Facilita RGPD is a free, user-friendly tool. Once execution has been completed, data fed to the tool during development are deleted, and therefore the Spanish Data Protection Agency may not, in any case, come to know the information fed to the tool.
It has been designed as an useful resource for any company or professional. It consists of very specific questions displayed over only three screen pages, which allows users to assess their situation with regard to personal data processing activities carried out by them; that is, to assess whether their systems are adapted to the requirements to use Facilita RGPD or if it must perform a risk analysis.
Facilita RGPD may not be used in any processing activities involving a high risk for rights and freedoms of persons, such as healthcare data or mass data processing, among others.
The tool may generate different document adapted to an specific company, informative clauses that must be included in any personal data collection forms, contractual data to be annexed to the data controller contract, the records of processing activities and an annex including guidelines for security measures deemed as minimum.
Facilita RGPD is designed for companies that process low-risk personal data, such as, for example, personal data of customers, providers or human resources.
It must be considered that Facilita RGPD is a supporting tool, and, therefore, its resulting documents must be adapted and updated to the situation of any processing activities carried out by your organisation. Obtaining said resulting documents does not automatically entail compliance with the GDPR.