EU Data Protection rules set to change

The EU General Data Protection Regulation (“GDPR”) imposes a radical, much stricter data protection regulatory framework in Europe and the wider world for the processing of personal data.
Every EU-based “controller” or “processor” of personal data is regulated, as is every controller or processor based outside the EU that offers goods or services to, or profiles, people living in the EU. It covers every processing operation that can be performed on personal data, whether undertaken by automated or non-automated means and whether done actively or passively (e.g. collection, recording, storing, using, adapting, amending, sharing, transmitting, archiving and erasing the data). Serious contraventions of the law will be punishable by fines of up to either €20 million or 4% of total annual worldwide turnover.
Organisations will have to design a GDPR governance strategy that contains the project plan and a roadmap showing which measures will be undertaken to implement this strategy. The entity will also have to nominate a data protection officer whose role is to implement guidelines and structures for data protection according to the General Data Protection Regulation.
Our group comprises data protection experts as well as cyber security specialists, allowing us to give the full spectrum of advice to a wide range of industries including but not limited to: governmental organisations, universities, financial services, shipping, retail, consultancies, information technology and healthcare. We also offer a DPO service for organisations that are required to appoint a Data Protection Officer but may not have the capability in-house. We can highlight gaps in compliance and explain how to implement the policies and procedures needed, as well as dealing with any incidents that may occur.
Our Privacy Service has been designed on the basis that organisations need tailored, risk-based solutions to address their individual privacy needs, risk appetite and future business strategy. Its modular and layered structure enables targeted and tailored solutions to be designed, developed, implemented and monitored consistently, guiding you through the complexities of privacy within large global organisations.
Ensure that you’re compliant with the new data protection regulation. Advising on GDPR compliance, including:
- Policy review, gap analysis and data protection strategy design
- Analysing how and why data will be processed
- Preparing Data Protection Impact Assessments (DPIAs), Privacy Impact Assessments (PIAs), data protection policies (DPPs) and data processing agreements (DPAs)
- Review of cyber security processes and controls to protect data
- Data breach procedures
- Subject access request procedures and handling requests, responses, complaints and enforcement
- Data portability procedures
- Consulting with the appropriate stakeholders and third parties
- Advising on direct marketing and compliance with privacy regulation
- Multi-disciplinary approach to cyber security and data breaches
- Managing claims before the Courts in relation to data protection, data theft and privacy issues, and investigations by the Information Commissioner's Office
- Advising on issues of data protection and privacy in relation to reputation management
- Documentation of the compliance procedure
- DPO appointment
- Implementation of a privacy monitoring framework