What is GDPR?
The EU’s General Data Protection Regulation (GDPR), which applies as of May 25th 2018, supersedes the national data protection laws of all EU member states.
The Regulation brings a 21st century approach to data protection. It expands the rights of individuals to control how their personal information is collected and processed, and places a range of obligations on organizations to be more accountable.
Who does the GDPR affect?
GDPR greatly expands the scope of EU data protection law, covering both controllers and processors that are established in the EU. In addition, it has extra-territorial effect and applies to controllers and processors who are not established in the EU but who nevertheless supply goods or services to data subjects within the EU or carry out the monitoring of their behaviour.
Organizations that process personal data must not only comply with the Regulation’s requirements, but also be able to demonstrate their compliance. This involves taking a risk-based approach to data protection, ensuring appropriate policies and procedures are in place to deal with the principles of transparency and accountability, as well as individuals’ rights. Failure to comply with GDPR may lead to the imposition of administrative fines. The non-compliance fines are established on a tiered system, and depend on the gravity of the damage, or on the obligations breached.
There are two tiers of administrative fines:
– Up to €10 million, or 2% annual global turnover, whichever is higher.
– Up to €20 million, or 4% annual global turnover, whichever is higher.
How can our office help you achieve compliance?
Reviewing and updating your data protection documentation and commercial agreements to align with the GDPR can be a time-consuming and legally complex task.
Our office is ready to help you identify how GDPR impacts your company and support you in the following areas:
– Overall revision of your current personal data processing, including gap analysis, analysis of data and data protection impact assessment.
– Preparation of internal guidelines, working procedures and manuals, and employees’ accord for data processing.
– Data Protection Office services.
– Preparation and review of Privacy notices and policies.
– Review, draft and update contracts with suppliers, customers and employees in alignment with the GDPR.
– Managing data security breaches.
– Other services according to your specific needs and requirements.
FOR FURTHER INFORMATION PLEASE FEEL FREE TO CONTACT US