Natural persons have the right not to succeed in deciding on the automated processing. On the one hand, there are strict exemptions from that principle, e.g. the granting of a consensus by a person subject to such a decision. With the exception of the automated decision-making of the results of the regulations, your company has the following obligations:
- inform the physical person about automated decision making
- acknowledge the right of a natural person to request the verification of an automatic decision by a person
- to enable natural persons to invest in automated decisions.
For example, if a bank enters into an automated decision in order to grant the person’s loans, the person is required to remain informed and the possibility of investing in such a decision and insolvency.
Data protection violations – appropriate notification
The breach of the protection of the data is incidental or inconsistent with the law of unjustified data recipients for whom it is still liable, and thus the timing of the unreasonability of such data or their change. If a breach of data protection occurs and it is protected by the rights and freedom of a natural person, it is within 72 hours of the confirmation of the breach to inform its data protection authority.As a result of the breach of the protection of the authorities at high risk for the persons concerned, your company may also be required to provide adequate information to all such persons.
Response to applications concerning the protection of data
When your company receives an application from a person who wishes to carry out its rights, it is your responsibility to answer without undue delay and at any time within 1 month of receiving the application. The response time may be extended by 2 months in the event of complicated and complex applications, subject to notification of the applicant. Disclosure of fees should be free of charge.In the event of a rejection, the person concerned shall be informed of the reasons for the rejection and of his or her right to the composition of the protection body.
Assessment of deeds
Accompanying the assessment of the protection of data protection is binding, as planned reorganization of these data is linked to the high risk of violation of the rights and freedoms of natural persons, as is the case with current technology.
High risk shows when:
automated data processing and profiling are used in the evaluation of natural persons
the town is publicly accessible on a large rock (eg with the use of industrial television)
specific categories of taxes or personal data affecting declarations and violations of rights are processed on a large rock (eg health taxes).
Note: The data protection authorities may also recognize the inclusion of other categories as high risk.
If the measures considered in the assessment of the protection of the data are not eliminated by all identified high-risk products, they should be consulted prior to accession to the planned deterrence.
Registration management
It must be concluded, in particular at the request of the protection body concerned or during the inspection, that your company has complied with RODO and will carry out all work relating to it.
You can do it, among other things. conducting a detailed register of the following information:
- names and contact details of your company interested in processing the data
- personal transport charges
- categories of persons representing personal taxes
- categories of personal tax organizations
- information on the transfer of the persons concerned to another country or organization
district of personal data - a description of the security measures used to process the persons concerned.
In addition, your company is required to maintain and regularly update written procedures and to make them available to employees.