In May 2018 all companies in Europe will have to comply with the new European regulation on data privacy: the GDPR. Even small and very small companies will need to be compliant with this new regulation.
You certainly have a lot of questions about this:
- What is personal data?
- Do I have to hire a DPO?
- Do I need to execute a Privacy Impact Assessment?
- Do I need to modify my website, and to what extent?
- What do I concretely need to be compliant?
- Is compliance with this regulation mandatory?
Who will be affected?
Every company in Europe, and every company processing private information about European citizens.
What is private information (personal data)?
The regulation defines two types of private data:
Personal data: any information (private or professional) that can identify or can be linked to a living person, whether directly or indirectly.
Ex.: name, date of birth, gender, function, address, phone number, ID card, online identifier, fingerprints and CVs. Personal data also includes professional data on individuals (e.g. function, professional email address, professional phone number).
Sensitive personal data: personal data that, because of its nature, requires additional attention.
Ex.: data revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, trade union membership, genetic data, biometric data, data concerning health or sexual orientation.
What is processing personal data?
Processing personal data is:
Obtaining, collecting, recording, archiving, amending, analysing, disclosing or using the data.
The GDPR is one of the rare regulations that requires you to secure your data, ensuring its confidentiality, integrity and availability.
What are the Benefits for companies to comply with GDPR?
• Increased user awareness
• Better return on investments with security solutions
• Improved user/customer trust
• A transformed security culture.
Is compliance with this regulation mandatory?
Yes, for everyone.
What happens if you are not compliant with GDPR?
A non-compliant organisation could face a fine of up to 4% of the total worldwide annual turnover or EUR 20 million, whichever is higher.
While financial penalties hurt, the worst damage a firm could suffer is the impact to its reputation.
The good news is: this can be used as a big business enabler.
We can help you on your way to compliance, using this work to show transparency; moreover, the compliance argument can be used as added value against competitors.
Don’t forget that your customers will request or even require this compliance, if not tomorrow then soon after.
How will we help you?
First of all, we work with experts on the different aspects of the GDPR. All our experts have long experience with data privacy and with implementing the needed controls. Implementing a GDPR compliance plan for SMEs or large enterprises is not a job for beginners. We have experience with businesses of all sizes, and we are practical and pragmatic.
No one wants an enormous and costly process to achieve compliance when it can be done smoothly and at a reasonable price.
We start this journey with a first status review: understanding your activities, how far you are impacted, and checking your current status.
After this first round we can make a gap analysis and see what you are missing to become and stay compliant.
Together we build an action plan based on our experience and the priorities that apply to you. We assist you with each action when needed. We have already created many templates and documents to help you.
We will help you secure your data. If you are working with partners or suppliers who connect to your network, don’t take any risk with your private data: verify their security level with a TPSA (Third Party Security Assessment).
Do you have to hire a Data Protection Officer (DPO)? The privacy commission helps you answer this question here (external link, in French).
The regulator offers the choice between an internal DPO and help from a third-party service provider.
Contact us for more information.