What is GDPR?
After four years of preparation and debate, the EU Parliament finally approved the GDPR on 14 April 2016. The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonise data privacy laws across Europe, to protect and empower all EU citizens’ data privacy and to reshape the way organisations across the region approach data privacy.
The GDPR has been in force since 25 May 2018. The Regulation extends the data rights of individuals, requires organisations to develop clear policies and procedures to protect personal data, and requires them to adopt appropriate technical and organisational measures.
What Are The New Regulatory Requirements?
Privacy by Design – Article 25 of the GDPR codifies both the concepts of privacy by design and privacy by default. Under this requirement, an organization (data controller) is required to implement appropriate technical and organisational measures both at the time of determination of the means for processing and at the time of the processing itself in order to ensure data protection principles such as data minimisation are met.
Privacy Impact Assessments (PIA) – When certain data associated with subjects is to be processed, companies will have to first analyse the overall risk and impact to their privacy.
Right to Erasure and To Be Forgotten – The right to erasure is also known as ‘the right to be forgotten’. The broad principle underpinning this right is to enable an individual to request the deletion or removal of personal data where there is no compelling reason for its continued processing.
Data Breach Notification – Companies will have to notify data authorities within 72 hours after a breach of personal data has been discovered.
Penalties & Fines – The GDPR has a tiered penalty structure. More serious breaches can result in a fine of up to 4% of a company’s global revenue. A smaller fine of up to 2% of global revenue (still enormous) can be issued if company records are not in order or if a supervising authority and data subjects are not notified after a breach.
How Can We Help?
Our GDPR experts will work with you to determine the best mix of assessments and services tailored for your business. Talk to our GDPR experts about your data security and compliance needs. Our experts shall offer the following professional services:
- Data Governance & Privacy Management Framework
- Personal & Sensitive Data Identification & Discovery
- Data Privacy Risk & Impact Assessment
- GDPR Compliance Gap Analysis
- Data Protection by Design
- Data Protection Officer Service
- Incident Management process review
- Data Security Management Review
- GDPR and Data Protection Advisory Services
To find out more how we can help your business achieve and maintain GDPR compliance, please contact us today.