Personal Data Protection Regulation (GDPR)
The objectives and principles of Directive 95/46/EC remain sound, but it has not prevented fragmentation in the implementation of data protection across the Union, legal uncertainty or a widespread public perception that there are significant risks to the protection of natural persons, in particular with regard to online activity. Differences in the level of protection of the rights and freedoms of natural persons, in particular the right to the protection of personal data, with regard to the processing of personal data in the Member States may prevent the free flow of personal data throughout the Union. Those differences may therefore constitute an obstacle to the pursuit of economic activities at the level of the Union, distort competition and impede authorities in the discharge of their responsibilities under Union law. Such a difference in levels of protection is due to the existence of differences in the implementation and application of Directive 95/46/EC. 25 May 2018 is the day that change all that we knew about data protection as the EU’s General Data Protection Regulation (GDPR) has being put in force from that date and will supersede all EU member states’ current national data protection laws.
We have been working on this issue for quite a while and an experienced team of economists, Informatics technicians, lawyers, legal experts in digital security issues with the necessary credentials and who will always by your side to complete the following necessary tasks in order to update your Data Protection implementation :
- a) Analysis and understanding of all senior executives in your organization of issues arising from the GDPR (awareness).
- b) Data recording (data inventory) and of procedures, systems and files (physical and digital) containing them (data mapping),
- c) Analysis of the deviation from compliance with the GDPR (Gap Analysis),
- d) Design (or redesign) of appropriate policies and data flows treatments carried out, so that the institution will be able to monitor and create record-keeping systems.
- e) Advisory or our undertaking the task of controller to carry out impact assessment (Data protection impact assessment – DPIA) concerning data protection at specific types of edits.
- f) Advisory or our undertaking to disseminate its work. Data Protection Officer (Data Protection Officer-DPO) on the basis of specific quality criteria, which include conducting specific types of edits and with flat-rate contract.
- g) Protection from extremely high fines. With the new regulation the height of emerging administrative fines rocketing sky high in the event of infringements of the provisions of Regulation, if measures are not taken.
Thus, specific violations of the obligations of those responsible entity and persons performing data management are punishable by fines of up to €10 million or in case businesses up to 2% of total global annual turnover.