Business Success Cases at GRUPO ANTOLIN: Right to Privacy

Escrito por: José Manuel Garcelán Publicado: 17/10/2024

GRUPO ANTOLIN: Right to Privacy

José Manuel Garcelán García, Compliance Director at Grupo Antolin.

‘‘Personal information is as valuable, if not more valuable, than tangible objects. We must treat data as a precious material and secure it with that attitude in mind’’.

At GRUPO ANTOLIN, we are aware of the importance of privacy in all areas in which we operate. From this perspective, we are committed to the highest ethical standards in our operations. One of the company’s most important commitments is the development of programs that maintain the trust of our employees, clients, and stakeholders regarding how the company handles and respects their privacy and personal information.

We have created a general framework that encompasses all operations of GRUPO ANTOLIN, utilizing the most protective standard for individual rights regarding personal data protection, which is none other than the European reference standard (“GDPR”). We aim to maintain a culture of privacy by formulating a clear and straightforward Global Program, ensuring global effectiveness and quality. The principles of action when we collect, use, manage, and store information are:

  • Respect for privacy expectations.
  • Process data lawfully, fairly, and transparently.
  • Collect adequate, relevant, and limited data to what is necessary for the processing.
  • Maintain accurate and up-to-date data, ensuring that the identification of the data subjects does not last longer than necessary for the purposes of processing.
  • Document and inform about the legitimate needs of the processing.
  • Notify and inform about the rights, providing a way to exercise them.
  • Limit and document access to information.
  • Ensure adequate security to preserve the integrity of the data and prevent unauthorized access or use.
  • Provide channels and means to report potential privacy breaches or information leaks.
  • Establish and follow data transfer rules.

One of the ways we can demonstrate our ability to gain and maintain the trust of our stakeholders is by safeguarding their personal information. To this end, the Privacy Committee of Grupo Antolin has been established, led by Compliance, as an interdisciplinary body with the primary mission of establishing a solid program that will include the following elements:

  1. Identification of personal data, processes, and systems, as well as the applicable laws, regulations, policies, and procedures.
  2. Evaluation, advice, and development of standards.
  3. Education and training.
  4. Internal mechanisms for reporting privacy incidents.
  5. Monitoring and auditing.
  6. Procedures for responding to potential deviations.
  7. Continuous risk assessment.

Some of the documents or procedures that configure the new compliance framework include the Record of Processing Activities (RAT), which reflects the legal analysis of all personal data processing carried out by Grupo Antolin, separated by areas of responsibility. This is necessary to carry out an adequate risk analysis, accompanied by a privacy impact assessment. This document is configured as a legal and internal requirement, allowing us to establish a consistent criterion that enables sharing and harmonizing different synergies regarding data protection.

To comprehensively inform each category of stakeholders about the processing carried out concerning them, information and consent clauses have been developed or modified for all groups related to the company. These clauses reflect and structure the information previously included in the Record of Processing Activities.

The adaptation process extends with the establishment of breach notification procedures, data retention policies, procedures for exercising rights, notes on the regularization of commercial communications, legal analysis on the need for and statutes of the Data Protection Officer (DPO), procedures for receiving, analyzing, processing, and responding to requests received, as well as privacy inquiries, complaints, and recommendations, along with subsequent analyses for proper compliance.

Promoting Education and Awareness

A fundamental aspect is generating that corporate culture of respect for privacy and protection of personal data, which can only be achieved by being aware of the importance and value of data.

The best way to create this awareness is by understanding the value of personal data in comparison to other material assets. If someone entrusted you with a diamond ring or the title to their house for safekeeping, where would you put it? Would you leave it on a table within reach of many users? Or would you place it in a secure location known only to you and the owner?

If you thought about the latter, then you have the right attitude; now that thought should be applied to the data of employees and stakeholders. Personal information is as valuable, if not more valuable, than tangible objects. We must treat data as a precious material and secure it with that attitude in mind.

If employees internally are aware of the importance, value, and necessary security that personal data requires, it will be easier for different stakeholders to be influenced, attracted, and to adopt those best practices and due diligence regarding data protection.

Logo JMG

2024 © José Manuel Garcelán - Aviso Legal - Política de Cookies - Política de Privacidad

This site is registered on wpml.org as a development site. Switch to a production site key to remove this banner.