Plan, Execute, Profit

GDPR is a Fact

We plan and deliver your compliance

You are leading an SME, perhaps one with quite a few legacy systems. And perhaps you think the compliance costs are too high, way over your budget.

Our Method will turn your Legacy into a GDPR-compliant Business.

For a fraction of the cost.

What is GDPR?

Simply: Much stricter Compliance

GDPR comes into force on 25th of May 2018.

Good, and why should we care, actually?

The new EU General Data Protection Regulation (GDPR) represents the most significant change in global privacy law in 20 years. The GDPR places important new obligations on any business that handles the data of individuals living in the EU, independent of where the business is located. Under the new legislation, companies can incur fines of up to €20 million or 4% of annual worldwide turnover (i.e., gross revenue), whichever is greater, depending on the nature of the violation.

The countdown to GDPR compliance has begun. While May 25, 2018 seems like a long time away, the process of building a plan, securing budget, and implementing a program can take several quarters or more.

Six key requirements

Do you run a small or medium enterprise?

You have an obligation to prepare for GDPR

The six most important GDPR requirements

Scope: expansion of who is subject to the regulation, who is protected by the regulation, and who is enforcing the regulation

Data: new definitions of “personal data”, “sensitive personal data”, and the introduction of pseudonymized data processing

Consent: consent requirements for data processing and explicit consent requirements for profiling data (i.e., analysing personal preferences or behaviour)

Individual Rights: including the “right to be forgotten” for erasure of online information and “data portability” to easily transfer data to another provider

International Data Transfer: restrictions on personal data transfer outside of the EEA unless adequacy requirements are met (e.g., via EU-US Privacy Shield once ratified, Model Contract Clauses, Binding Corporate Rules)

Data Breach Notification: notification to the Supervisory Authority within 72 hours and, if there is potential for serious harm to individuals, notification must be “without undue delay”

Accountability: governance requirements such as audits and Data Protection Officers (DPOs), recognition of seals and certification programs as a route to demonstrate GDPR compliance