First Class Fitness

Consultation

The consultation deals with the possibility to scan physical documents (proving the fulfilment of the duty of information as well as the obtaining of consent) to computer support. We assume 12.3 article RDLOPD which provides that the controller shall be responsible the proof of the existence of the consent of the affected by any means of admissible evidence in law. For its part, art. 18 RDLOPD lays down that 1.-the duty of information refers to which article 5 data protection act should be carried out through a means that allows to prove your compliance, and shall keep as long the processing of data of the affected. 2 () in particular may proceed to the scanning of documentation on paper, provided to ensure that such Automation has not mediated alteration of original media.

Interesting reference is the judgment 15/07/2010 the Supreme Court establishes that article 18 RDLOPD establishes an additional obligation apart from the law, indicating, among other arguments legal: () the duty to inform must be prior to the collection, but unless that information has to be express, precise and unequivocal, contains no reference to the shape, thereby opening multiple possibilities (). The Supreme Court Annuls this art. 18 and determines that it should govern the principle of freedom of form for proof of obtaining the consent of the person concerned, both as to the fulfilment of the duty of information. Therefore, since Audea understand, as he points out own AEPD, scanning the documents constituting a valid and appropriate test environment. However, if it is the replacement of the original paper documents by a computer support, be credited, in his case, that those have not been altered in the automation process.

Thus, data protection law does not impose the use of specific technical means and consequently, the use of a tool is not enforceable technological determined for the digitization of documents, provided that the Manager can ensure the security of data. As he points out the AEPD, you need to determine what measures should be taken to ensure that you there is an alteration of documents in case of order to a third party documentation scanning and the destruction of papers. Another noteworthy point is the Service contracted to a third party. In this case, it is necessary that access to the data by the third party (company that scans and destroys documents) is carried out with the sole purpose of providing the service to the owner of the file. We understand that it will be necessary to identify, following the guidelines of the AEPD points: first.-the relationship of services must be contractually established (art. 12 LOPD content). Second.-the company to scan and destroy documents on behalf of third parties, will have to adopt the same measures of safety than those imposed to the owner of the file, and must translate into timely contract private security measures. Third.-the responsible for the file or treatment, as well as requiring safeguards it deems appropriate to the company responsible for the treatment prior to the conclusion of the contract, will be entitled to carry out controls during the period of validity of the same, in order to verify compliance with established security measures and adopt, where necessary, corrective action.