Consulting services to help you become GDPR compliant
The General Data Protection Regulation (GDPR) will take effect across the EU on May 25, 2018. Organizations have two years to adapt to the new law, and for many organizations this implies significant changes and some difficult decisions.
Fines up to 4% of annual worldwide turnover
Under the new legislation, companies may be fined up to €20 million or 4% of annual worldwide turnover (whichever is higher), depending on the nature of the violation. This will motivate organizations to prioritize privacy issues and the protection of personal information at a level far beyond what was required before.
There are other arguments for looking at privacy more closely; personal information is often one of the most valuable assets an organization has. Consequently, shouldn’t risk management processes and controls already be in place?
Start with a GDPR pre-study
1. Pre-study / Risk analysis
Identify the personal information you process and for what purpose(s) and perform a data privacy impact assessment.
2. Establishment of controls and compliance
Based on the outcome of the assessment, high-risk personal data must be adequately protected. Because protection of personal data must be built in by default in all systems, safeguards must be implemented for every system involved in the processing of personal information.
3. Processes of communication
The person whose data are collected should be informed about what data is collected and how it will be used. This is already regulated today, but the rules will become much stricter in order to strengthen the individual's privacy and security.
4. Supplier requirements
For those who outsource services involving personal data, additional demands on suppliers must be implemented. Regardless of where the supplier is located, GDPR compliance is required if the supplier processes the personal data of EU citizens.