With the entry into force of the Regulation (EU) 679/2016 and the Organic Law 3/2018 on the Protection of Personal Data and the guarantee of digital rights among its novelties is highlighted the principle of proactive responsibility that companies must perform to maintain good security measures for the protection of the personal data.
This principle requires greater participation and involvement of companies to ensure a level of security appropriated to the possible risks.
To that end, technical and organizational measures should be implemented. Among these measures we must highlight the creation of passwords for each worker of the company in order to establish a protocol of access and ensure the confidentiality of data.
Previously, the prior Organic Law 15/1999 and the Royal Decree 1720/2007 established the implementation of passwords as a security measure. In addition, they established the frequency of changing passwords that could not exceed one year.
Unlike the previous regulations and according to the principle of proactive responsibility, companies should change passwords in less time, ideally between one to three months at most and the composition should be of 8 or more alphanumeric characters since the longer the password is, the more protection will be given against possible intrusions by third parties. In addition, a number of repeated attempts of erroneous access must be placed between 3 and 5 attempts, after those the access will be blocked and will have to be unlocked by a profile with administrator rights of the system.
In conclusion, the implementation of security measures, in this case the techniques ones, allows the company to protect its data and comply with the principle of proactive liability as established by the regulations in force regarding data protection.