
GDPR (ISO 27701)

GDPR Compliance


General Data Protection Regulation (GDPR): Regulation (EU) 2016/679 on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.

GDPR compliance




General Data Protection Regulation (GDPR)
The GDPR applies to processing carried out by organizations operating within the EU. It also applies to organizations outside the EU that offer goods or services (whether paid or free) to, or monitor the behavior of, EU data subjects. Monitoring covers anything from placing cookies on a website and tracking the browsing behavior of data subjects to high-tech surveillance activities. The regulation applies to every company that processes or holds the personal data of data subjects residing in the European Union, regardless of where the company is located.
To comply with the GDPR, EU companies, as well as companies that process the personal data of EU citizens, must determine whether they act as Controllers (who determine the purposes and means of the processing of personal data), Processors (who process personal data on behalf of a controller), or both, and establish the Policies and Processes relevant to their role.

Our approach for GDPR compliance


Methodology

Our methodology for implementing a GDPR-compliant Privacy Program is based on our experience of successfully implementing and maintaining Information Security Management Systems, and it allows the required controls to be implemented within a reasonable timeline and without heavy resource investment on the customer's side. Our approach is to start by gaining a comprehensive understanding of the customer's environment and current GDPR compliance position; to continue by defining a remediation plan that addresses any gaps; and to conclude by bringing in our experts to carry out the remediation activities.

Documentation

We will help identify all the processes required for GDPR compliance and provide methodical assistance in establishing them, as well as help develop the appropriate documentation in accordance with the specifics of your organization.

Support

We provide professional assistance in maintaining compliance with the GDPR requirements through GDPR training tailored to your company's specific needs, as well as third-party audits, which give greater compliance validation than a self-assessment.


6 steps to GDPR compliance

Step 1

Designate someone to take responsibility for data protection compliance and assess where this role will sit within the company's structure and governance arrangements. This is mandatory if the core activities of the controller or the processor consist of processing operations which, by virtue of their nature, scope and/or purposes, require regular and systematic monitoring of data subjects on a large scale, or large-scale processing of special categories of data or of personal data relating to criminal convictions and offences; it is recommended in other cases;

Step 2

Account for the data processing activities within the company and the personal data involved in them, identify the lawful basis for each processing activity, and, if needed, carry out an assessment of the impact of the envisaged processing operations on the protection of personal data;

Step 3

Review the company's policies and procedures to ensure that they properly reflect GDPR requirements, especially Data Subject Rights and Requests, Managing Suppliers and International Data Transfers;

Step 4

Adopt a privacy by design approach;

Step 5

Make sure that the right procedures are in place to detect, report and investigate a personal data breach;

Step 6

Establish a corporate awareness and regular monitoring program to sustain compliance on an ongoing basis.
