GDPR


The EU General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens' data privacy and to reshape the way organizations across the region approach data privacy. The enforcement date is 25 May 2018, at which time organizations in non-compliance will face heavy fines (up to 4% of the revenue or 20 million EUR, whichever is greater). The introduction of the GDPR has an impact well beyond the EU, as it also stipulates specific data privacy responsibilities for non-EU companies which operate on EU soil and handle personally identifiable information of EU citizens.

A number of new or updated requirements differentiate GDPR from the previous regime:

  • A broadened and detailed definition of what constitutes personal data
  • A requirement to keep a detailed inventory of the privacy data in the organization
  • New rights of the data subject, such as the Right to be Forgotten and the Right to Object to Profiling
  • A 72-hour deadline to report certain types of data breach to the relevant supervisory authority
  • A Data Privacy Officer role to be assigned in the organization in specific cases
  • Adoption of the Privacy by Design principle as a general obligation to show that privacy data protection has been considered in the product, service or technology, and many more…

The EGS GDPR Centre of Expertise provides full-scale, tailored GDPR remediation and compliance consulting services. The team is composed of experts in legislation, IT security and process operations, who approach GDPR compliance from a cross-disciplinary perspective and guide the customer organization through the process of complying with the new legislation.

 

The EGS GDPR team provides the following services:

GDPR Awareness: A focused exploratory workshop, usually done in about 1.5 working days, with key stakeholders from the business and the GDPR team in order to raise awareness of the topic.
GDPR Remediation & Compliancy: A full-scale project moving through Discovery, Assessment, Remediation and GDPR Compliancy Check, led by an EGS-assigned team working closely with the customer's allocated contacts and stakeholders.
GDPR FastTrack – A quick and focused assessment outlining the major non-compliant activities and the key remediation activities triggered for imminent remediation.
DPO As A Service – An ongoing managed service agreement with the customer to provide a Data Privacy Officer, remotely or onsite, as part of the key GDPR requirements (where GDPR mandates the DPO assignment).
Privacy Impact Assessment – The Privacy Impact Assessment service can be obtained either as part of the DPO As A Service offering or as a separate on-demand package aimed at checking the GDPR compliancy of a specific product, service or technology.
Data Inventory And Data Remediation – A data inventory exercise is performed which includes all the required information concerning personal data processing, such as legal grounds, purpose(s), categories of data, retention period and conducted risk analysis. If necessary, further data pseudonymization and anonymization will be performed on the sensitive data sets.