General Data Protection Regulation
In May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) came into effect. It regulates the processing of personal data relating to individuals in the European Union (EU), regardless of where the processing takes place. The Regulation lays down general rules to protect natural persons' personal data and to ensure the free movement of personal data within the EU. It imposes new obligations and stricter requirements on all businesses that process the personal data of individuals in the EU, and it establishes new rights for those individuals. Any processing of personal data must be lawful, fair, and transparent. Natural persons must be informed when their personal data are collected, used, and consulted, and to what extent they will be processed.
GDPR Influence on Business
If you are processing or holding the name, social security number (or any other personal identification number), address, phone number, email, location, or online identifier of an individual in the EU, the GDPR applies to you. It does not matter where the processing takes place or where the company is located. Find out how far your company complies with the GDPR: non-compliance can result in an administrative fine of up to 20 million euros or 4% of the company's annual global turnover, whichever is higher.
GDPR Key Requirements
Territorial Scope:
GDPR applies to all companies and entities processing the personal data of people residing in the EU, regardless of the company's location or the location of the data processing.
Consent & New Rights:
An individual's consent to the processing of their data must be freely given, specific, informed, and unambiguous. Data subjects have the right to data portability, data erasure, and withdrawal of consent at any time.
Breach notification within 72 hours:
Duty to report a personal data breach to the supervisory authority within 72 hours of becoming aware of it, unless the breach is unlikely to result in a risk to the rights and freedoms of individuals.
Privacy By Design:
Legal requirement to embed data protection and privacy into processing activities and business practices from the design stage, and to apply it by default.
Data Protection Impact Assessment (DPIA):
Duty of a company or entity to undertake a DPIA when processing is likely to result in a high risk to individuals, such as large-scale processing of personal data.
Data Protection Officer (DPO):
A DPO must be appointed if a company or entity conducts large-scale, regular, and systematic monitoring of individuals or processes large amounts of sensitive personal data.
Accountability:
A company or entity is accountable for processing personal data in accordance with the GDPR and must be able to demonstrate that it does so.
Cross-border data transfer:
Restrictions on the transfer of personal data outside the EU unless certain conditions are met.
Our Service Area
itialuS helps your company comply with the GDPR
We offer a full range of customized services to suit an organization's specific needs at any stage of its GDPR readiness journey:
GDPR Assessment
Reviewing current data collection, processing, and transfer practices, then identifying gaps and areas of risk across the people, processes, and technologies involved.
Data Protection Impact Assessment
Assessing the risk of specific areas, systems, and projects for client organizations that are legally required to carry out a Data Protection Impact Assessment.
GDPR Implementation
Designing, developing, and implementing the processes and tools needed to address all of the company's GDPR audit and compliance requirements relating to individuals' personal data.
Cybersecurity
Assessing the organization's cybersecurity posture and recommending the policies, processes, and technologies that establish an appropriate level of security to mitigate the identified risks.
Data Breach Plan and Action
Developing and implementing incident response and data breach notification plans.
Education and Training
Tailor-made training for staff on the importance of the GDPR, its impact and compliance requirements, and their own obligations and responsibilities.
Data Protection Officers (DPOs)
Monitoring internal compliance, and informing and advising on the client's data protection obligations and data protection impact assessments (DPIAs). DPOs act as the contact point for data subjects and supervisory authorities. They do not have to be employees of the controller or processor but can be external service providers, and they provide the help needed to stay compliant with the GDPR.
EU Representative
Representing companies that are not established in the EU with regard to their obligations under the GDPR.