FACILITA EMPRENDE INGLÉS

Castellano | English

 

FACILITA - EMPRENDE is an online tool provided by the AEPD that is intended to simplify compliance with the data protection of products and services. It is aimed at entrepreneurs and startups (less than 10 years old) and with high growth expectations who carry out processing operations characterised by the use of emerging technologies, understood as those technologies that represent a change in our way of living, relating and operating in the market and that are still in the process of development and evolution.

You must take into account that any of the data processing operations you carry out in the context of the management of your business activities, as controller, or as a result of the services provided to third parties, as a processor, may not be considered low-risk data processing.  This would be the case, for example, if the controller of the processing offered a mobile app to its users to collect geolocation data in order to provide certain services according to the location or web applications that profile users to offer them targeted services. In those cases, a more detailed risk analysis for the rights and freedoms of individuals will be necessary, making use of alternative tools such as GESTIONA – EIPD.

FACILITA - EMPRENDE, through the questions it raises, will help you identify these types of situations and characterize your risk profile. Throughout the following screens, you will be asked a series of questions to verify if the tool is suitable for your company and characterize your processing operations. The complete flow is divided into three parts or sections.

  • During the first part, very brief, it is evaluated whether your organization fits into the profile of a technological startup, identifying the technologies used and collecting the basic data that are necessary to personalize the documentation is going to be generated.
  • In the second part, information on those basic processing activities that your company may be managing as responsible is collected, as well as the identification data of those third parties that are providing a service to your business. From this data, the tool will generate useful information to help you comply with your data protection obligations: preparation of records of processing activities, informative clauses, models of contracts with data processors, etc.
  • Finally, in the last section, which is variable in duration according to the options you have marked when characterizing your business model and the technological solutions is based on, your processing activities supported by emerging technologies are analyzed, characterizing, for each of them, the level of risk they represent. Based on the analysis of the data, the purposes and the risk factors selected, the tool makes a recommendation regarding the approach to risk management that the entity should follow.

The time to complete the requested data is about 30 minutes, although it depends on the number of processing activities that are selected.

Once completed, the data provided will be deleted and under no circumstances will the Spanish Data Protection Agency be able to know about or process the information provided.

As a result, a base document adapted to the processing operations carried out by your company is generated which provides the necessary references to be taken into account for personally concluding the process of adaptation to the GDPR and the LOPDGDD. This is why the generated document includes the minimum requirements that shall be validated and completed with the particular situation of the processing operations carried out by the entity. Do not forget that no document needs to be submitted to the Spanish Data Protection Agency. Documents must only be available in case a request is made to submit them

The use of this tool does not guarantee by itself and automatically full compliance with the regulation on data protection and it should be understood as an interactive resource for support in the context of the necessary activities to address compliance with the GDPR.

If you do not see the image correctly, click here to change it