EU data protection rules are set to change. The EU General Data Protection Regulation (“GDPR”) imposes a radical and much stricter data-protection regulatory framework, in Europe and beyond, for the processing of personal data.
Every EU-based “controller” or “processor” of personal data is regulated, as is every controller or processor based outside the EU that offers goods or services to, or monitors the behaviour (e.g. profiling) of, people living in the EU. It covers every processing operation that can be performed on personal data, irrespective of whether it is undertaken by automated or non-automated means or whether done actively or passively (e.g. collection, recording, storing, using, adapting, amending, sharing, transmitting, archiving and erasing the data). Serious contraventions of the law will be punishable by fines of up to €20 million or 4% of total annual worldwide turnover, whichever is higher.
Organisations will have to design a GDPR governance strategy that contains a project plan and a roadmap showing which measures will be undertaken to implement it. Entities that meet the GDPR's criteria (for example public authorities and organisations whose core activities involve large-scale or systematic monitoring of individuals) will also have to nominate a Data Protection Officer (DPO), whose role is to implement guidelines and structures for data protection in accordance with the Regulation.
Recognizing the changing environment, EKLLC has formed a team of dedicated lawyers, whose sole focus is to assist clients in all aspects of data-protection law.
Our group comprises data-protection experts as well as cyber security specialists, allowing us to give the full spectrum of advice to a wide range of industries including, but not limited to: governmental organisations, universities, financial services, shipping, retail, consultancies, information technology and healthcare. We also offer DPO services for organisations that are required to appoint a Data Protection Officer (DPO) but may not have the capability to do so in-house. We can highlight gaps in compliance and explain how to implement the required policies and procedures, as well as deal with any incidents that may occur.
Our Privacy Service has been designed on the basis that organisations need tailored, risk-based solutions that address their individual privacy needs, risk appetite and future business strategy. Its modular and layered structure enables targeted solutions to be designed, developed, implemented and monitored consistently, guiding you through the complexity of privacy.
We will also help you become and remain compliant with the new data protection regulation, advising on GDPR compliance, including:
- Policy review, gap analysis and data-protection strategy design
- Analysis of how and why the data will be processed
- Preparation of Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), Data Protection Policies (DPPs) and Data Processing Agreements (DPAs)
- Review of cyber security processes and controls to protect data
- Data breach procedures
- Subject access request procedures and handling requests, responses, complaints and enforcement
- Data-portability procedures
- Consultation with the appropriate stakeholders and third parties
- Advising on direct marketing and compliance with privacy regulation
- Multi-disciplinary approach to cyber security and data breaches
- Managing claims before the Courts in relation to data protection, data theft and privacy issues, and investigations by the Information Commissioner's Office
- Advising on issues of data protection and privacy in relation to reputation management
- Documentation of the compliance procedure
- DPO appointment
- Implementation of a privacy monitoring framework