Become GDPR Compliant
The GDPR will apply to the processing of personal data by controllers and processors in the EU irrespective of whether the processing takes place in the EU or not and irrespective of whether the processor or controller is established in the EU, where the activities relate to:
Offering of goods or services to EU citizens, irrespective of whether a payment from data subjects is required or
Monitoring of behavior that takes place within the EU.
To that end, the GDPR binds all companies that offer goods or services to EU data subjects regardless of whether their operations takes place in the EU or not.
What changes under the GDPR?
If data processors are not established in the EU, they will have to appoint a representative in the EU.
It will be mandatory for the controller to report to the DPA within 72 hours any breaches that could result “in a risk for the rights and freedoms of individuals.”
The data processors will also be required to notify the controllers, “without undue delay” after first becoming aware of a data breach.
Registration of data processing activities to each local DPA and approval for transfers of data based on Model Contract Clauses will be abolished.
Internal record keeping of the data processing activities will now be required by the controllers and processors and must be readily available upon request by the relevant DPA.
Appointment of a Data Protection Officer (DPO) with specific skills who will report directly to the highest levels of management will be mandatory for those controllers and processors whose core activities consist of operations requiring regular and systematic monitoring of data subjects of a large scale or of data subjects belonging to special categories inter alia criminal convictions and offences.
Safeguarding data transfer mechanisms accepted in all Member States via
Approved codes of conduct and certifications
Simplified procedures for binding corporate rules
All the data controllers and processors will mandatorily have to include the same data protection clauses in their terms and conditions. These clauses will be the same in all Member States.
One stop shop: The supervision of data processing will fall under only one DPA instead of the current practice which requires supervision by the DPA of each Member State the data is processed in.
Fines of up to 20 million Euro or 4% of the total worldwide annual turnover of the preceding financial year.
The Right to be forgotten
The GDPR enhances the rights of data subjects by granting them the right to request from the data controller access to their data (must be sent to them in a machine-readable format within one month from the date of the request) as well as the right of erasure of their personal data even in cases where the personal data was made public.
In view of the substantial requirements imposed on your business by the new GDPR. Our team of experts will help your enterprise become GDPR complaint.
Information is treasure. Due to the constant evolvement of the state of art legal and illegal treasure hunters, data privacy and protection becomes challenging for the organizations.
Governments are continuously imposing new legislation on the collection, use and disclosure of data on a national and supranational level.
For example, the recent ruling of the European Court of Justice on the invalidity of the Safe Harbour Agreement indicates that the European Commission is eager to impose higher barriers to the use and disclosure of personal data.
Nevertheless, the European Commission and the USA recently announced that they are working on a new EU-US privacy “shield” including the following:
Strict obligations on companies processing European citizens data
Clear limitations, safeguards and oversight mechanisms on US government access
The EU citizens will have many different options in case their personal data has been misused
Your headache on data protection legislation will fade out with us as we are able to help you comply with this legislation regardless of your company structure and business activity.