Our approach towards consulting

Objectives

  • Unify & simplify protection & privacy within the European Union (EU) for personal data of EU citizens
  • Strengthen citizens' rights and give them back control over their data
  • Adapt data protection to new technological developments

The regulation entered into force in May 2016 and its direct application will take effect after two years, meaning from May 2018.

Who is Impacted?

Within European Union

  • Every public or private organization, including subcontractors, processing personal data in the context of the activities of an establishment in the EU

Outside European Union

Subcontractors and/or companies outside Europe, when the processing is related to:

  • Offering of goods or services to persons in the European Union
  • Monitoring of behaviour as far as behaviour takes place within the Union

WHY: WHAT ARE THE RISKS IF YOU ARE NOT COMPLIANT?

  • Fines up to €20 Million or 4% of the Worldwide Annual Turnover, whichever is higher
  • Risk of damaging your company's reputation due to:
    • Direct dissatisfaction of clients seeking to exercise their rights
    • Consequential impacts from bad news (e.g. press communications)

NEEDS: WHAT ARE THE KEY REQUIREMENTS?

Privacy by Design

Ensure technical and organisational protection measures (native, permanent and monitored protection of personal data against destruction, loss, dissemination, alteration or access)

Security by Default

Minimize collected and retained personal data. Limit storage in time (no longer than is necessary for the purpose for which the personal data are processed).

Data Accountability

Identify, document and justify any personal data processing. Process data only for a specified, explicit and legitimate business purpose and recipient. Ask for explicit consent.

Respect of Individual Rights

Respect the data subjects' rights:

To be informed, to access, to rectify, to object, to be forgotten, to transfer.

Stick to the specific and lawful purposes

Breach Notification

Embed Breach Management in the Information Security Incident Management. Ensure clear communication streams with the data protection authorities and stakeholders.
