S 2.507 Organisational procedures for protecting the rights of data subjects regarding the processing of personal data

Initiation responsibility: IT Security Officer, Specialists Responsible

Implementation responsibility: Specialists Responsible, IT Security Officer

Technical-organisational procedures must be developed in order to ensure the enforcement of the rights to information, correction, blocking, deletion, as well as viewing file and/or procedural directories (if such directories are mandatory) of the persons concerned.

These procedures must be designed in such a way that the rights of the persons concerned can be enforced quickly and expediently.

Examples:

• A procedure for processing personal data includes an analysis program or a menu item that can be used to generate a complete print-out of the stored data of the person concerned.
• A procedural directory is automated with the help of a database in such a way that certain keywords can be entered in order to very easily gain access to the comprehensive database allowing for the identification of all cross references.

Review questions:

• Are there technical-organisational procedures for protecting the rights of the persons concerned during the distribution of personal data?