The General Data Protection Regulation (GDPR) will come into force in 2018. It applies to any company worldwide which processes the personal data of European Union citizens.
Companies should ask themselves the following questions:
- Do our employees know that the law governing data processing is changing? Are they familiar with the current and forthcoming obligations?
- Are we aware of what personal data we hold, where it came from, and to whom it has been transferred?
- Do we know the new conditions governing the provision of consent by the data subject?
- Do our data processing procedures cover all individuals’ rights (i.e. deletion of personal data, provision of electronic data in a commonly used format, and the newly introduced right to data portability)?
- Are we familiar with the rules and procedures applicable to transfers of personal data to third-party countries or international organizations?
- Are we familiar with Privacy Impact Assessments and ready to implement them in our organization?
- Do we know that a personal data breach must be reported to the supervisory authority no later than 72 hours after its discovery? Do we have the right procedures in place to detect, investigate and efficiently deal with a potential personal data breach?
- Do we know when we are obliged to communicate a potential personal data breach to the data subject without undue delay?
How we can assist:
- GDPR Audit: An evaluation of current data processing practices and a risk assessment of partial or non-compliance with the new obligations.
- Raising awareness: Tailor-made information and training sessions on the new GDPR framework for key decision-makers, senior and general staff.
- Drafting of fully compliant data processing procedures and templates.
- Simulation of a DPA investigation via data protection audit.
It is time for your organization to start preparing its response to the new challenges, to avoid unwanted surprises such as high penalties and reputational damage.
Our Data Protect Regulation Service is provided by experts who combine deep data protection knowledge with an ability to view your problem from every conceivable standpoint. It is tailor-made to ensure that your business remains ‘bullet proof’ to the new legal framework.