On 25 May 2018, the General Data Protection Regulation EU 2016/679, or GDPR for short, came into force across all EU Member States. It affects the processing and movement of the personal data of approximately 500 million EU citizens and describes and regulates how and why personal data should be processed and used by organisations.
Both data controllers (the organisation that determines what, how and why personal data is processed) and data processors (any organisation processing data on a data controller’s behalf) are directly subject to, and required to comply with, the GDPR. Those organisations must ensure their processing of personal data complies with the data protection principles and uphold the rights of the individual.
Companies that infringe the GDPR provisions (for example the GDPR principles or the rights of the data subject) or otherwise fail to comply with the GDPR (for example by failing to notify a personal data breach or failing to implement appropriate technical and organisational measures to protect personal data) will be liable for significant fines.
At Equantiis we can help you assess your existing level of GDPR compliance, raise awareness of GDPR within your organisation and understand if and how you fall within the scope of GDPR. Our consultants can work with you to review your business operations and data handling processes, discover the personal data you capture and process, examine your reliance on third-party service providers and data processors, and review your current control environment.
We can also support your implementation of the measures and processes you will need to fulfil GDPR’s requirements for ‘Data Protection by Design and by Default’, which may require you to carry out a Data Protection Impact Assessment (DPIA) for your data processing.
“The GDPR has the potential to impact globally: it not only applies to all organisations within the EU that process the personal data of citizens of EU Member States; it also encompasses organisations based outside the EU if they offer goods and services to, or monitor the behaviour of, EU citizens.”