Our approach towards consulting
Objectives
- Unify & simplify protection & privacy within the European Union (EU) for personal data of EU citizens
- Strengthen citizens' rights and give them back control over their data
- Adapt data protection to new technological developments
The regulation entered into force in May 2016 and becomes directly applicable after two years, that is, from May 2018.
Who is Impacted?
Within European Union
- Every public or private organization, including subcontractors, processing personal data in the context of the activities of an establishment in the EU
Outside European Union
Subcontractors and/or companies outside Europe, when the processing is related to:
- Offering of goods or services to persons in the European Union
- Monitoring of behaviour as far as behaviour takes place within the Union
WHY: WHAT ARE THE RISKS IF YOU ARE NOT COMPLIANT?
- Fines up to €20 Million or 4% of the Worldwide Annual Turnover, whichever is higher
- Risk of damaging your company's reputation due to:
  - Direct dissatisfaction of clients trying to exercise their rights
  - Consequential impacts from bad news (e.g. press communications)
NEEDS: WHAT ARE THE KEY REQUIREMENTS?
Privacy by Design
Ensure technical and organisational protection measures (native, permanent and monitored protection of personal data against destruction, loss, dissemination, alteration or access)
Security by Default
Minimize collected and retained personal data. Limit storage in time (no longer than is necessary for the purpose for which the personal data are processed).
Data Accountability
Identify, document and justify any personal data processing. Process data only for a specified, explicit and legitimate business purpose and recipient. Ask for explicit consent.
Respect of Individual Rights
Respect the data subjects' rights:
to be informed, to access, to rectify, to object, to be forgotten, to transfer.
Stick to the specific and lawful purposes
Breach Notification
Embed breach management in Information Security Incident Management. Ensure clear communication streams with the data protection authorities and stakeholders.