GDPR Compliance
The General Data Protection Regulation (GDPR)
Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data. The regulation is an essential step to strengthen citizens' fundamental rights in the digital age and facilitate business by simplifying rules for companies in the digital single market. A single law will also do away with the current fragmentation and costly administrative burdens. The regulation came into force on 24 May 2016 and will apply from 25 May 2018.

About GDPR

The General Data Protection Regulation (GDPR) is a new comprehensive legal act which replaces the EU Data Protection Directive 95/46/EC in order to harmonize data protection legislation within the EU and strengthen the protection of “personal data” (any information relating to an identified or identifiable natural person, i.e. one who can be identified, directly or indirectly, in particular by reference to an identifier such as a name, an identification number, location data or an online identifier, or to one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that person).
The GDPR applies to processing carried out by organizations established in the EU. It also applies to organizations outside the EU that offer goods or services (paid or free) to data subjects in the EU, or that monitor their behavior (monitoring ranges from setting cookies on a website and tracking browsing behavior to high-tech surveillance activities). In practice it applies to any company processing or holding the personal data of data subjects in the European Union, regardless of where the company is located.
To comply with the GDPR, EU companies, as well as non-EU companies that process the personal data of EU data subjects, must determine whether they act as Controllers (they determine the purposes and means of the processing of personal data), Processors (they process personal data on behalf of a controller), or both, and establish the Policies and Processes appropriate to that role. To be GDPR compliant it is critical to:
  • Designate someone to take responsibility for data protection compliance and decide where this role sits within the company structure and governance arrangements. A Data Protection Officer is mandatory where the core activities of the controller or processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or of large-scale processing of special categories of data or of personal data relating to criminal convictions and offences; in other cases it is recommended;
  • Maintain a record of the company’s data processing activities and the personal data involved in each of them, identify the lawful basis for each processing activity, and, where required, carry out a data protection impact assessment of the envisaged processing operations;
  • Review the company’s policies and procedures to ensure that they properly reflect GDPR requirements, in particular Data Subject Rights and Requests, Managing Suppliers and International Data Transfers;
  • Adopt a privacy by design approach;
  • Make sure that the right procedures are in place to detect, report and investigate a personal data breach (where a breach is likely to result in a risk to individuals, the supervisory authority must be notified within 72 hours of the controller becoming aware of it);
  • Establish a corporate awareness programme and regular monitoring to sustain compliance on an ongoing basis.
Our approach to fulfilling the requirements of GDPR

    Methodology

    Our methodology for implementing a GDPR-compliant Privacy Program is based on our experience of successfully implementing and maintaining Information Security Management Systems, and allows the required controls to be implemented within a reasonable timeline and without heavy resource investment on the customer’s side. Our approach is to start by gaining a comprehensive understanding of the customer’s environment and current GDPR compliance position; to continue with the definition of a remediation plan to address any gaps; and to conclude by bringing in our experts to implement the remediation activities.

    Documentation

    We will help identify all the processes required for GDPR compliance, provide methodical assistance in establishing them, and help develop appropriate documentation tailored to the specifics of your organization.

    Support

    We provide professional assistance in maintaining compliance with GDPR requirements, through GDPR training tailored to your company’s specific needs and through third-party audits, which give stronger validation of compliance than a self-assessment.