Law Firm Dyulgerova and Penkova Home     About Us     Contacts
Practices Articles Membership
Recognitions
News
Home / News / New Ordinance on the Minimum Level of Technical and Organizational Measures and Admissible Type of Personal Data Protection
Practices


Construction Law and FIDIC Conditions of Contract
Customs and Tax law
Public Procurement Law
Corporate and Commercial Law
Litigation and Debt Collection
Commercial Insolvency
Real Estate Law
Insurance Law
Employment and Social Insurance Law
Intellectual Property Law
Energy Law
Immigration Law
Latest News


archive by year
2017  |  2016  |  2015  |  2014  |  2013  |  2012  |  2011
New Ordinance on the Minimum Level of Technical and Organizational Measures and Admissible Type of Personal Data Protection

The Ordinance on the Minimum Level of Technical and Organizational Measures and Admissible Type of Personal Data Protection was adopted on January 30, 2013 by the Commission for Personal Data Protection and was promulgated in SG on February 12, 2013 This Ordinance repeals Ordinance No. 1 dated February 7, 2007 (SG, issue 25 of March 23, 2007).
 
Pursuant to the Ordinance no later than August 15, 2013 the controller shall determine the level of impact of the registers with personal data processed thereby. This should be done by all personal data controllers and the procedure is not complicated, while the controller has the right to determine the level of impact, while complying with the requirements set forth in the Ordinance.
 
Representatives of the Commission for Personal Data Protection explain that the Ordinance is to ensure an adequate level of protection of personal data in the maintained personal data registers depending on the nature of the data and the number of affected persons upon the violation of their protection. The main objectives of data protection are defined - confidentiality, integrity and availability, and certain types of personal data protection are specified. The essence of the different types of protection is clarified, as well as the corresponding to each type organizational and/or technical measures.
 
In order to determine the adequate level of these measures and admissible type of protection, the controllers are required to carry out a periodic assessment of the impact on the personal data processed. A result of the impact assessment is the determination of the level of impact and the corresponding level of protection.
 
The Ordinance introduces four levels of impact depending on the nature of the personal data processed and the number of affected individuals upon violation of confidentiality, integrity or availability of personal data. Depending on the level of impact the appropriate level of protection is determined. For each protection level the necessary technical and organizational measures, which shall be undertaken by the personal data controllers, are specified. The implementation of these measures is performed by the data controller or his authorized representative on the protection of personal data. The controller can define more than one person on the protection of personal data. A fundamental principle of access to the data is "need to know".
 
Within 6 months of the entry into force of the Ordinance, namely until August 15, 2013, the controller shall determine the level of impact of the registers processed thereby.
 
For registers with personal data kept up to the moment of entry into force of the new Ordinance, the following deadlines for the implementation of protection measures, considered from the time of determining the level of impact, are specified:
  • for low - up to six months;
  • for average - up to nine months;
  • for high and very high - up to one year.
 
The Ordinance on the Minimum Level of Technical and Organizational Measures and Admissible Type of Personal Data Protection was issued on the grounds of Art. 23, Para. 5 of the Personal Data Protection Act and is in effect as of February 15, 2013
 
As a result of the new requirements changes in the internal policies for personal data protection may be necessary to be made.
 
Every two years, the personal data controllers will determine the appropriate level of protection for the different types of data. In addition, they will have to train some of their employees, who shall be responsible for the processing and protection of personal data.
 
   
We use cookies to ensure we give you the best browsing experience on our website. Find out more on how we use cookies and how you can change your settings.

Cookies

What are cookies ?

A cookie is a small text file that a website saves on your computer or mobile device when you visit the site. Cookies are widely used in order to make websites work, or work more efficiently, as well as to provide information to the owners of the site.

How do we use cookies?

Website use Google Analytics, a web analytics service provided by Google, Inc. ("Google") to help analyse the use of this website. For this purpose, Google Analytics uses"cookies", which are text files placed on your computer.

The information generated by the cookies about your use of this website - standard internet log information (including your IP address) and visitor behaviour information in an anonymous form - will be transmitted to and stored by Google including on servers in the United States. Google will anonymize the information sent by removing the last octet of your IP address prior to its storage.

According to Google Analytics terms of service, Google will use this information for the purpose of evaluating your use of the website and compiling reports on website activity.

We not use, and not allow any third party to use the statistical analytics tool to track or to collect any personally identifiable information of visitors to this site. Google may transfer the information collected by Google Analytics to third parties where required to do so by law, or where such third parties process the information on Google`s behalf.

According to Google Analytics terms of service, Google will not associate your IP address with any other data held by Google.

You may refuse the use of Google Analytics cookies by downloading and installing Google Analytics Opt-out Browser Add-on. The add-on communicates with the Google Analytics JavaScript (ga.js) to indicate that information about the website visit should not be sent to Google Analytics.

Cookies are also used to record if you have agreed (or not) to our use of cookies on this site, so that you are not asked the question every time you visit the site.

Google Analytics Opt-out Browser Add-on

How to control cookies?

You can control and/or delete cookies as you wish. You can delete all cookies that are already on your computer and you can set most browsers to prevent them from being placed.

All about cookies

Managing cookies in your browser

Most browsers allow you to:
  • see what cookies you have got and delete them on an individual basis
  • block third party cookies
  • block cookies from particular sites
  • block all cookies from being set
  • delete all cookies when you close your browser

If you chose to delete cookies, you should be aware that any preferences will be lost. Also, if you block cookies completely many websites (including ours) will not work properly and webcasts will not work at all. For these reasons, we do not recommend turning cookies off when using our webcasting services.
X