The controller or the processor shall take appropriate organisational and technical measures in order to protect personal data from unlawful or accidental destruction, accidental loss, from access or disclosure to unauthorised persons, especially when the processing of data takes place in a network, as well as from any other unlawful form of processing.
The controller shall take the following special security measures:
- defines the functions of the organisational units and those of the operators as regards the use of data;
- data shall be used with the order of authorised organizational units or operators;
- instructs all operators concerning their obligations, in conformity with this law and the internal regulations on data protection, including the regulations on data security;
- Prohibits access of unauthorised persons to the working facilities of the data controller or processors;
- data and programmes shall be accessed only by authorised persons;
- Prohibits access to the filing system and their use by unauthorised persons;
- Operation of the data processing equipment shall be carried out upon authorisation and every device shall be secured with preventive measures against unauthorised operation;
- records and documents the alteration, rectification, erasure, transfer, etc.
The controller is obliged to document the technical and organisational measures adjusted and implemented to ensure protection of personal data in compliance with the law and other legal regulations.
The data recorded shall not be used for different purposes which are not compliant with the purpose of collection. Acquaintance with or processing of the data registered in files for a purpose other than the right to enter the data shall be prohibited. In case data are used to guarantee national security, public security, for prevention or investigation of a criminal offence, or prosecution of the author thereof, or of any infringement of ethics for the regulated professions, it is exempted from this rule. Documentation of the data shall be kept for as long as it is necessary for the purpose for which they were collected.
The security level shall be in compliance with the nature of personal data processing. Detailed rules on data security shall be specified by decision of the Commissioner. Procedures for the administration of the data registration, data entry, their processing and disclosure shall be regulated by a decision of the Commissioner.
Controllers, processors and persons who come to know the content of the processed data while exercising their duty, shall remain under obligation of confidentiality and credibility even after termination of their functions. These data shall not be disclosed save when otherwise provided by law. Everyone acting under the authority of the controller or the processor shall not process the personal data to which he or she has access, without the authorisation of the controller, unless it is mandatory by law.
Social Media cookies collect information about you sharing information from our website via social media tools, or analytics to understand your browsing between social media tools or our Social Media campaigns and our own websites. We do this to optimise the mix of channels to provide you with our content. Details concerning the tools in use are in our Privacy Notice.