General Data Protection Regulation
May 2018 saw the introduction of a new EU regulation on the handling of personal data, known as the GDPR. How prepared are you and your organization?
You’re probably aware that the new General Data Protection Regulation (GDPR) came into force this year with the aim of protecting personal data. Combitech helps you prioritize resources and make changes to achieve compliance and ensure continuity.
The GDPR replaces local data protection laws within the EU and takes a stricter approach to the handling and protection of personal data. The new regulation tightens the rules on how organizations operating in the EU may collect, grant access to, store and handle personal data.
The GDPR came into force on 25 May 2018 and applies to all organizations operating in the EU or handling the personal data of EU citizens.
Here is some advice about what needs to be done to ensure your organization complies with the law.
For organizations that handle personal data across several systems, the work of satisfying the new legal requirements can be extensive, as processes, IT systems and legal arrangements all have to be reviewed and updated. Together with the introduction of fines, this means that implementing the GDPR has to be high on the agenda for every organization affected.
“For many organizations, implementing the GDPR will involve more work than was required to manage the millennium bug.”
GDPR and Security Awareness
Create awareness and understanding of the GDPR. We hold a workshop for management and other stakeholders.
Data Protection Assessment
We conduct an assessment of your organization to review what personal data is handled and how. We identify and map the data flows and systems involved.
GDPR Gap Analysis and Risk Assessment
We conduct a gap analysis and risk assessment to identify critical gaps and risks and evaluate and prioritize them. This reveals which requirements have already been dealt with and which still need to be addressed to achieve GDPR compliance. The legal analysis is carried out by Combitech’s legal partner or by your legal advisers.
Implementation
We guide and help you meet the relevant security requirements which, once implemented, mean you satisfy the requirements defined in the GDPR. This includes planning action programmes and implementing measures, along with developing and implementing processes and guidelines.
Data Protection Impact Assessment (DPIA)
All controllers must perform a data protection impact assessment (DPIA) if the data processing is likely to result in a high risk to the rights and freedoms of individuals. The DPIA assesses the origin, nature and severity of the risk in question. Combitech can ensure that appropriate action is taken to demonstrate that the handling of personal data is consistent with the GDPR.
Audit, Evaluation and Continuous Improvement
Ensuring GDPR compliance over time requires organizations to regularly and actively evaluate and improve the processes they have implemented. The elements of an annual activity plan are tailored to each organization and are developed in consultation with the organization and its legal advisers.
Training and Awareness
Everyone who handles personal data needs to understand the implications of the GDPR. We make sure everyone receives the necessary training to carry out their duties properly and effectively.
DPO for hire
Combitech’s certified GDPR consultants can take on the role of data protection officer (DPO). This ensures you have access to the necessary capabilities, available as and when your organization needs them.