Problems and challenges
I want to process personal information in accordance with GDPR requirements
The European Union General Data Protection Regulation (GDPR) becomes enforceable on 25 May 2018.
- The rules apply to any organization that processes personal data: the largest entities, but also small and medium businesses, including medical practices, training companies, HR agencies and marketing companies.
- The rules do not prescribe specific measures; they define the goal of protection. The security measures used should provide a level of security appropriate to the risk (a risk-based approach), so that processed data is protected at the level the risk requires.
- All business processes should take personal data protection into account at the planning stage (privacy by design), anticipate possible problems and have built-in mechanisms that limit them.
- Where processing is based on consent, the consent must be obtained by opt-in, meaning an informed, affirmative decision by the individual to provide information about themselves. Every individual has the right to rectify their personal data, the right "to be forgotten" (erasure) and the right to data portability.
- Organizations that suffer a personal data breach must notify the supervisory authority without undue delay and, where feasible, within 72 hours of becoming aware of it. The notification describes the breach and the measures taken or proposed to address it. Where the breach is likely to result in a high risk to the individuals concerned, the data subjects must also be informed.
- The regulation provides that fines for violating the new rules may amount to as much as 4% of the company's annual worldwide turnover or up to EUR 20 million, whichever is higher.
IMMUSEC experts will help you comply with GDPR requirements: they will perform a compliance audit, design a solution and, in the event of a personal data breach, limit its impact. Our support covers all aspects of company operations: organizational, technical and legal.
How to comply with GDPR in 10 steps
- Data inventory: all personal data the organization holds, with an assessment of its relevance and sensitivity, where it is stored, who has access to it, and why and how it is processed
- Risk analysis of the data processing, covering technical and legal aspects
- Assessment of the current state: review of the security controls used in IT systems, contracts with subcontractors (processors), and analysis of clauses in customer contracts
- Recommendations on how to adapt your data processing system, both technically and legally
- Compliance plan: adaptation activities in the areas of procedures, standards, processes, organization and technology
- Incident monitoring: detection and interpretation of security incidents
- Reducing the impact of incidents: preparing communications to customers, notifying the supervisory authority, securing and repairing the IT environment, legal protection
- Ensuring continuous compliance: monitoring the performance of the data processing system, implementing the necessary adjustments, maintaining security and compliance with GDPR (RODO, the Polish term for the regulation)
- Raising awareness: employee training and involvement in protecting personal data