Would you like to know if the company has the right to have a list with all the passwords of the employees to access their computers?
If somewhere in the LOPD or the RGPD, it is indicated that the Data Protection Delegate must have said list to be able to access the equipment in the case of not being an employee.
What I comment below is my thought but not knowing all the obligations of the LOPD or the RGPD
I am the IT manager of the company and it is the first time that I come across this indication in my entire professional career. Knowing computer systems, I think that this goes against any computer security scheme and protocol, so it seems strange to me that this is the case.
I also find it strange because of the following:
A multinational like Repsol, if the users have to change the password every 6 months. That you have to communicate your password to the data protection officer….
If all the companies had to have that list, as I have been told, I don't think I know if there would be any company that complied with the LOP or the RGPD