Combitech is your GDPR partner from start to finish.

As you are aware of, the General Data Protection Regulation (GDPR) enforces requirements on all EU-based organizations, and the Schrems ii judgement from July 2020 not only emphasizes the requirements of the new GDPR but invalidate the use of Privacy Shield when transferring personal data to the USA.

The GDPR have replaced local data protection laws within the EU and imply a stricter approach to the handling and protection of personal data. The GDPR also represents a tightening of regulations on how organizations operating in the EU may collect, allow access to, store and handle personal data.

Requirements overiew

We have defined 12 compliance areas of GDPR.

Achieving control and a structured management of GDPR compliance will benefit from structuring the requirement differently, and requires a high level of expertise and understanding of GDPR.

Based on experience and best practise we have developed a structure for the GDPR requirements that supports for example GAP analysis, incorporating the ongoing GDPR compliance work with Management systems such as ISO 27001, 9001 and 14005.

The route to compliance

Here is our advice on what we consider important to ensure your organization is compliant.

  • Expertise and awareness are key factors. Management and other stakeholders must understand the implications of GDPR; What needs to be done and why?
  • Conduct a review to get an idea of the scope, both territorially and in terms of data flows. This ensures that all personal data is covered.
  • Carry out an assessment to answer key questions about how personal data is collected, transmitted, processed, and stored, as well as how individuals' rights are upheld.
  • Identify security measures and protective mechanisms in place to address identified risks.
  • Perform a gap analysis to see which requirements have been dealt with and which still need to be addressed.
  • Training and awareness ensure that every member in your organization can carry out their duties properly and effectively.

Whether you are aware of your shortages but want effective support in remediating these, or you need an expert review of the organisation’s GDPR compliance status, we have capabilities to meet your needs.

Learn more about: