GDPR Compliance Solutions
The General Data Protection Regulation 2016/679 (GDPR) was adopted on 27 April 2016 and has applied in all Member States of the European Union since 25 May 2018. As a Regulation it is directly applicable, creating a single legal framework without the need for national transposition, and it repeals the previous data protection legislation. The new Regulation significantly increases the obligations of businesses, and the size of the potential fines has put it high on the top management agenda.
Purpose of Regulation 2016/679: the establishment of a single legal framework for the processing of personal data in the Member States of the European Union, which imposes a series of restrictions and new obligations on businesses regarding:
- The processing of personal data throughout its life cycle, from collection to destruction
- Transfers of personal data to other countries
- Protection of the rights of the individuals concerned (data subjects)
- Security (confidentiality, integrity, availability) of personal data
- The notification steps a business must take in the event of a personal data breach
For infringements of the Regulation, substantially higher fines are provided for: depending on the type and severity of the infringement, up to EUR 20 million or 4% of total worldwide annual turnover, whichever is higher.
Who is concerned? All private and public enterprises and government authorities that in any way collect, process or otherwise manage personal data relating to their customers, employees, associates or other individuals. As a result, the new Regulation applies in practice to all businesses, inside and outside the European Union, as long as the data concern individuals in the European Union.
Obligations that arise. Companies and organizations subject to the Regulation must:
- Follow the basic principles of personal data protection: collect personal data only for a specific, legitimate purpose and only the data that are necessary for it
- Not further process the data in a way that is incompatible with that purpose
- Retain the data for no longer than necessary and obtain, where consent is the legal basis, the freely given and explicit consent of the individuals concerned
- Transfer the data to non-EU countries only under specific conditions, and give their partners access to personal data only under specific terms and only if those partners can demonstrate their own compliance with the Regulation
- Provide electronic tools for responding promptly and free of charge to requests for: withdrawal of consent, access to data, rectification of data, erasure of data, restriction of processing, delivery of data in electronic form, and transfer of data to another organization (portability)
- Inform individuals of their rights appropriately and in a timely manner, and ensure the security of personal data throughout its life cycle
- Keep records of processing activities and of breaches, and notify any personal data breach to the Data Protection Authority within 72 hours and, where the breach is likely to result in a high risk to the individuals concerned, to those individuals directly or by public communication
- Be able to demonstrate that they comply with all the requirements of the Regulation (accountability).
Problems to be addressed. Businesses and organizations subject to the Regulation face the following challenges:
- Knowing precisely what data they collect and process at each stage of their activities, with whom they share it, and with which tools and procedures
- Defining and separating business purposes precisely, so that all required consent of the data subject is obtained and no unnecessary data is processed
- Systematically checking that the requirements of the Regulation are met at each stage of data processing
- Assessing the risks that may lead to a personal data breach, with the resulting severe financial penalties and damage to corporate reputation
- Obtaining effective digital tools, including ones based on artificial intelligence, to mitigate the risk of infringing the Regulation without compromising the business's priorities.
Services we offer. We have formed a working group and, drawing on our experience in providing integrated services to small, medium and large companies and organizations in Greece and Cyprus, we support you with the following services:
- Diagnosing and mapping your current level of compliance with the new Regulation by creating a record of processing activities
- A Privacy / Data Protection Impact Assessment to identify the most significant risks
- A proposed compliance plan, with support and guidance in its implementation for holistic compliance
- Development of policies and procedures for the protection of personal data as a complete management system
Contact for more information: skassios(at)gmail.com