We understand that navigating the complexities of Law 25 can be cumbersome, and Present is dedicated to supporting you in achieving compliance with ease and confidence . Our comprehensive roadmap and services are tailored to prioritizing your organization’s data privacy and security, while ensuring seamless compliance with this new legislation.
How we can help
Comprehensive Overview
We provide a detailed explanation of Law 25, outlining its scope, requirements, and implications for your business.
Step-by-Step Compliance Guide
We break down the compliance process into manageable steps, guiding you through the necessary actions and documentation. This includes sample templates to refer to.
Security Best Practices
Our document includes valuable insights into best practices for IT security, maintaining ongoing compliance and addressing potential challenges.
Law 25 Information
Your obligations for phase 1 & 2
Appoint a person responsible for the protection of personal information
Designate an individual within your organization who will be specifically responsible for safeguarding the personal information of your clients. This person will oversee data privacy practices and ensure compliance with relevant regulations.
Publicly communicate the name of the responsible person on your website
Clearly disclose the name of the designated responsible person on your website to demonstrate transparency and accountability to your clients. This public declaration reinforces your commitment to protecting their personal information.
Keep an incident log (to be available upon government request)
Maintain a comprehensive log that records any incidents or breaches involving personal information. This log should include details such as the nature of the incident, its impact, and the actions taken to address it. This log should be readily available for government authorities upon their request.
Inventory the personal information held by the company or on its behalf by a third party and assess its sensitivity (2023)
Conduct a thorough inventory of all the personal information your company possesses or that is handled by third parties on your behalf. This includes information such as names, contact details, financial data, and any other personally identifiable information. Evaluate the sensitivity of this information to identify potential risks and prioritize security measures. This inventory and assessment should be completed by 2023.
Support the responsible person with the necessary resources
Provide the designated responsible person with the resources, tools, and training necessary to effectively carry out their duties. This ensures that they can successfully implement and manage privacy practices, stay updated with regulatory requirements, and respond promptly to any privacy-related issues.
Implement measures to prevent or limit the consequences of a confidentiality incident involving personal information
Establish proactive measures to prevent unauthorized access, breaches, or disclosure of personal information. This includes implementing robust security protocols, encryption measures, access controls, and employee training programs to minimize the potential impact of any privacy incidents.
Define who has access to what – principle of least privilege
Clearly define and limit access privileges within your organization. Adhere to the principle of least privilege, which means granting individuals access only to the information necessary for them to perform their specific job functions. This reduces the risk of unauthorized access or misuse of personal information.
Review the privacy law with your lawyer and see how it affects your business
Collaborate with a privacy lawyer who can provide legal expertise and guidance. Review the specific requirements of the new privacy law, understand its implications for your business operations, and ensure compliance with the law’s provisions. This review will help you identify any necessary adjustments, policies, or practices that need to be implemented.
Communicate to the authorities if there is an information leak
In the event of a data breach or information leak, promptly notify the relevant authorities. This proactive communication demonstrates your commitment to transparency, cooperation, and compliance with data protection regulations. It allows authorities to investigate and take appropriate action to safeguard individuals’ privacy rights.
Our contributions
Support our customers in the protection of personal data
We are committed to assisting our customers in ensuring the security and protection of personal data. We provide guidance, resources, and best practices to help them establish robust data protection measures and comply with relevant privacy regulations.
Work with the responsible person
We collaborate closely with the designated responsible person within our customers’ organizations. By fostering a strong partnership, we ensure effective coordination and alignment of efforts in safeguarding personal data.
Provide IT human resources
We allocate qualified IT professionals to support our customers in implementing and maintaining data protection measures. These resources possess the necessary expertise to address technical aspects such as secure infrastructure setup, data encryption, access controls, and ongoing monitoring.
Communicate alerts related to protection services to you so that you can record them in your log
We proactively share any relevant alerts or notifications related to our protection services. By promptly communicating these alerts to you, you can maintain a comprehensive incident log, ensuring that all relevant information about security incidents or breaches is recorded accurately.
Support you so that you can identify personal information within your network
We assist our customers in identifying personal information within their network infrastructure. This involves conducting comprehensive assessments, analyzing data flows, and providing tools or guidance to facilitate the identification and classification of personal data. By effectively identifying personal information, our customers can implement targeted security measures and ensure appropriate handling of sensitive data.
Apply access control rules
We help our customers establish and enforce access control rules within their systems and networks. This involves defining and implementing mechanisms to restrict access privileges based on the principle of least privilege. By applying these rules, only authorized individuals can access personal data, reducing the risk of unauthorized disclosure or misuse.