GDPR

Combitech is your GDPR partner from start to finish.

You’re probably aware of the requirements that the General Data Protection Regulation (GDPR) puts on all organizations based in the EU, and that the Schrems II judgment of July 2020 has emphasized the requirements of the GDPR and invalidated the use of Privacy Shield when transferring personal data to the USA.

In short, the GDPR has replaced local data protection laws within the EU and involves a stricter approach to the handling and protection of personal data. The GDPR also represents a tightening of the rules on how organizations operating in the EU may collect, allow access to, store and handle personal data.

Combitech helps you determine whether, and in which areas, your organisation needs to strengthen its practices to meet the legal requirements. If needed, Combitech can help, for example, to put in place routines and evaluation mechanisms that ensure the personal data processing your organisation conducts is lawful.

The route to compliance

Here is some advice about what needs to be done to ensure your organization complies with the law.

  • Expertise and awareness are key factors. Management and other stakeholders have to understand the implications of the GDPR. What needs to be done and why?
  • Conduct a review to get an idea of the scope, both territorially and in terms of data flows. This ensures that all personal data is handled.
  • Carry out an assessment to answer key questions about how personal data is collected, transmitted, processed and stored. And how individuals’ rights are ensured.
  • Find out what security measures and protective mechanisms are in place to address identified risks.
  • Map critical data flows to identify where personal data is stored. A data flow map makes it easier to pinpoint where security measures should be implemented.
  • Based on the assessment, perform an analysis of the legal requirements that need to be fulfilled depending on the type of personal data identified. Then convert legal requirements into security requirements. Perform a gap analysis to see which requirements have already been dealt with and which still need to be addressed.
  • Bear in mind that everyone who handles personal data needs to understand the implications of the GDPR. Ensure everyone receives training so they can carry out their duties properly and effectively.

There are a vast number of new requirements to consider. What stage are you at?

For organizations that handle personal data using various systems, work on satisfying the new legal requirements can be extensive, as processes, IT systems and legal applications have to be reviewed and updated. Together with the introduction of fines, this means that implementing the GDPR has to be high on the agenda for all organizations affected.

“For many organizations, implementing the GDPR will involve more work than was required to manage the millennium bug.”

Stefan Simonson, Cyber Security expert

Achieving GDPR compliance step-by-step

GDPR and Security Awareness
Create awareness and understanding of the GDPR. We hold a workshop for management and other stakeholders.

Data Protection Assessment
We conduct an assessment of your organization to review what personal data is handled and how. We identify and map the data flows and systems involved.

GDPR Gap Analysis and Risk Assessment
We conduct a gap analysis and risk assessment to identify critical gaps and risks and evaluate and prioritize them. This reveals which requirements have already been dealt with and which still need to be addressed to achieve GDPR compliance. The legal analysis is carried out by Combitech’s legal partner or by your legal advisers.

Implementation
We guide and help you meet the relevant security requirements which, once implemented, means you satisfy the requirements defined in the GDPR. This includes planning action programmes and implementation of measures, along with development and implementation of processes and guidelines.

GDPR continuity

Data Protection Impact Assessment (DPIA)
All controllers must perform a data protection impact assessment (DPIA) if the data processing is likely to result in a high risk to the rights and freedoms of individuals. This is done in order to assess the origin, nature and seriousness of the risk in question. Combitech can ensure that appropriate action is taken to demonstrate that the handling of personal data is consistent with the GDPR.

Audit, Evaluation and Continuous Improvement
Ensuring GDPR compliance over time requires organizations to regularly and actively evaluate and improve the processes that are implemented. The elements of an annual activity plan are individually tailored to each organization and are developed in consultation with the organization and legal advisers.

Training and Awareness
Everyone who handles personal data needs to understand the implications of the GDPR. We make sure everyone receives the necessary training to carry out their duties properly and effectively.

DPO for hire
Combitech’s certified GDPR consultants can take on the role as data protection officer (DPO). This ensures you have access to the necessary capabilities, available as and when your organization wishes.
