What is GDPR?
The General Data Protection Regulation 2016/679 was approved in April 2016 by the European Commission and entered into force in May 2018.
The purpose of the Regulation is to set out the obligations of those who collect and process personal data and to establish rules protecting the rights of those whose personal data are processed.
Who is the GDPR addressed to?
The General Data Protection Regulation is addressed to all organizations of the private or public sector, both inside and outside the European Union, regardless of their size, which process some form of personal data concerning European citizens.
Basic Principles
• Lawfulness, Transparency and Fairness
• Purpose Limitation
• Data Minimization
• Accuracy
• Storage Limitation
• Integrity and Confidentiality
• Accountability
Penalties
Any data subject has the right to lodge a complaint with a supervisory authority if he or she considers that the processing of personal data relating to him or her infringes the Regulation.
Where an infringement is ascertained, high administrative fines may be imposed, calculated on the basis of total worldwide turnover, which may reach up to EUR 20 million depending on the seriousness of the infringement.
How can we help?
Our company has experienced consultants who can help you evaluate the extent to which your activities fall within the requirements of the Regulation and guide you in changing or improving your practices in order to achieve full compliance with the Regulation.
Specifically, we can provide Risk Assessment, Website reformation, and Data Protection Policies and Procedures services. In addition, we can guide you and help your business develop an Information Security Management System (ISMS) in accordance with ISO 27001, whose use is also encouraged by the GDPR.
By implementing an ISMS and applying its best practices, organizations demonstrate their commitment to effective and responsible information management and cover aspects such as risk assessment, compliance, and notification in case of a breach, thus meeting the GDPR requirements.