Francisco José Silva

The challenges of the General Data Protection Regulation

Master in Security of Information Systems and Postgraduate in Information Systems Audit from the Faculty of Engineering of the Catholic University. Degree in Computer Science from Universidade Lusófona. He also holds a Postgraduate qualification in Management and Security Direction from the Autonomous University of Lisbon. He is currently attending a PhD in Law and Security at the Faculty of Law of Universidade Nova de Lisboa. He began his professional activity as a teacher. In recent years he has worked as an Information Security Auditor and Adviser. Currently, in addition to being Coordinator of the Consulting Division, he is also responsible for Business Development, Project Management and Execution.

Nationality: Portugal

Scientific areas: Dental assistant course

10 November, from 14h30 until 16h00

Auditório D

Conference summary

Most of the existing processes in organizations rely to a large extent on the processing of personal data belonging to different stakeholder groups. The nature of the risks to which the processing of personal data is exposed means that organizations need not only to put in place, at the outset, the legal, technical and organizational requirements established by the regulatory framework, but also, and in particular, to keep that compliance effective over time.

Good control and management of personal data is essential to ensure, and to be able to demonstrate, compliance with the GDPR. Risk management is an effective way of protecting “the fundamental rights and freedoms of natural persons, and in particular their right to privacy with regard to the processing of personal data”.

The regulatory framework requires that all processing activities satisfy the principles of need and minimization. Organizations must be able to justify the need for the collection, retention, consultation and transfer of information. They must collect the minimum data required, retain it for the minimum time required, and ensure that it is accessed by and shared with a minimum number of persons or organizations.

The security of personal information should be based on respect for good practices and on maintaining data processing systems so that they are protected against attacks. Information security should include the use of information systems that record the actions of each user in the system during a defined period of time, ensure the integrity of the data, and include a mechanism for the deletion, archiving or anonymisation of such data when the retention period expires.