General Data Protection Regulation
May 2018 saw the introduction of a new EU regulation on the handling of personal data, known as the GDPR. How prepared are you and your organization?
COMBITECH IS YOUR GDPR PARTNER FROM START TO FINISH. AND BEYOND.
You’re probably aware that the new General Data Protection Regulation (GDPR) came into force this year with the aim of protecting personal data. Combitech helps you prioritize resources and make changes to achieve compliance and ensure continuity.
The GDPR will replace local data protection laws within the EU and will involve a stricter approach to the handling and protection of personal data. The new regulation represents a tightening of regulations on how organizations operating in the EU may collect, allow access to, store and handle personal data.
The GDPR came into force on 25 May, 2018, and applies to all organizations operating in the EU or handling the personal data of EU citizens.
Want to know more? Email your questions to an expert here >>
The route to compliance
Here is some advice about what needs to be done to ensure your organization complies with the law.
- Expertise and awareness are key factors. Management and other stakeholders have to understand the implications of the GDPR. What needs to be done and why?
- Conduct a review to get an idea of the scope, both territorially and in terms of data flows. This ensures that all personal data is handled.
- Carry out an assessment to answer key questions about how personal data is collected, transmitted, processed and stored. And how individuals’ rights are ensured.
- Find out what security measures and protective mechanisms are in place to address identified risks.
- Map critical data flows to identify where personal data is stored. A data flow map makes it easier to pinpoint where security measures should be implemented.
- Based on the assessment, perform an analysis of the legal requirements that need to be fulfilled depending on the type of personal data identified. Then convert legal requirements into security requirements. Perform a gap analysis to see which requirements have already been dealt with and which still need to be addressed.
- Bear in mind that everyone who handles personal data needs to understand the implications of the GDPR. Ensure everyone receives training so they can carry out their duties properly and effectively.
A VAST NUMBER OF NEW REQUIREMENTS TO CONSIDER. WHAT STAGE ARE YOU AT?
For organizations that handle personal data using various systems, work on satisfying the new legal requirements can be extensive, as processes, IT systems and legal applications have to be reviewed and updated. Together with the introduction of fines, this means that implementing the GDPR has to be high on the agenda for all organizations affected.
“For many organizations, implementing the GDPR will involve more work than was required to manage the millennium bug.”
ACHIEVING GDPR COMPLIANCE STEP-BY-STEP
GDPR and Security Awareness
Create awareness and understanding of the GDPR. We hold a workshop for management and other stakeholders.
Data Protection Assessment
We conduct an assessment of your organization to review what personal data is handled and how. We identify and map the data flows and systems involved.
GDPR Gap Analysis and Risk Assessment
We conduct a gap analysis and risk assessment to identify critical gaps and risks and evaluate and prioritize them. This reveals which requirements have already been dealt with and which still need to be addressed to achieve GDPR compliance. The legal analysis is carried out by Combitech’s legal partner or by your legal advisers.
Implementation
We guide and help you meet the relevant security requirements which, once implemented, means you satisfy the requirements defined in the GDPR. This includes planning action programmes and implementation of measures, along with development and implementation of processes and guidelines.
GDPR continuity
Data Protection Impact Assessment (DPIA)
All controllers must perform a data protection impact assessment (DPIA) if the data processing is likely to result in a high risk for the rights and freedoms of individuals. This is done in order to assess the origin, characteristics and seriousness of the risk in question. Combitech can ensure that appropriate action is taken to demonstrate that the handling of personal data is consistent with the GDPR.
Audit, Evaluation and Continuous Improvement
Ensuring GDPR compliance over time requires organizations to regularly and actively evaluate and improve the processes that are implemented. The elements of an annual activity plan are individually tailored to each organization and are developed in consultation with the organization and legal advisers.
Training and Awareness
Everyone who handles personal data needs to understand the implications of the GDPR. We make sure everyone receives the necessary training to carry out their duties properly and effectively.
DPO for hire
Combitech’s certified GDPR consultants can take on the role as data protection officer (DPO). This ensures you have access to the necessary capabilities, available as and when your organization wishes.
