Since May 2018, every organization that processes personal data must take account of the General Data Protection Regulation (GDPR).
This European privacy law, which replaces the outdated data protection directive from 1995, sets strict requirements for the way in which your organization deals with personal data and users. Failure to comply with the GDPR can have unpleasant consequences! Fortunately, you can go to DPO Consultancy for, among other things, a GDPR Assessment and implementation of the corresponding measures.
The assessment thoroughly tests and determines to what extent the organization meets the requirements of the GDPR. An overview is drawn up of possible risks that the organization may face in the context of processing personal data.
A thorough inventory provides the right insight and also immediately highlights the points for attention. These points for attention form the basis for the gap analysis. The purpose of the gap analysis is to see the gap between the current state of the organization and the requirements of the law, including in terms of the desired security level.
During the implementation, the findings from the baseline measurement and the gap analysis come to life. This is clearly reflected in the implementation plan. This plan is aimed at integrating the measures to be taken into business operations in a structured and controlled manner.
A plan ensures that everyone knows what needs to be done, who should deliver what, when, with what quality, what the priorities are and how implementation takes place in a careful and controlled manner.
With an implementation, the outstanding measures that follow from an assessment are implemented. These measures consist of processes, procedures, guidelines, protocols, legal documentation and advice on technical measures. Consider, for example, the use of Multi-factor Authentication within systems with personal data, anti-malware solutions, encryption of laptops / databases, etc. How many processes and procedures must be made varies per organization.
A DPO from DPO Consultancy takes care of:
Informing and advising the employees concerned about the obligations of the GDPR and other data protection provisions
Collaboration with the supervisory authority
Supervision of compliance with the GDPR, other data protection provisions and the policy of the organization
Acting as a contact point for stakeholders and the supervisory authority
Under the General Data Protection Regulation (GDPR), certain controllers and processors are required to appoint a Data Protection Officer (DPO). The DPO’s range of duties includes advising and training employees and performing baseline measurements and internal audits. He also acts as a contact person for the supervisory authority.
Is there a complaint or question from a person whose data you keep or process? In this case, the DPO is also the contact person. We form a buffer between you and third parties. The DPO has an independent position. Among other things, he assesses the safety measures taken. In addition, he guarantees compliance with the various laws relating to data processing.
DATA PROTECTION REPRESENTATIVE
Companies that are not established in the EU but process data from people who are in the EU are required by the GDPR to designate a Data Protection Representative (DPR) in the EU. The same applies to the UK. Additionally, there may be instances where a company must appoint a DPR in both the EU and the UK. DPO Consultancy can act as your DPR.
According to the GDPR, the DPR has a number of legal duties. A DPO Consultancy DPR will perform the following tasks for you:
Contact person: For all privacy related questions, we are the contact person for your data subjects in all European countries and the UK.
Representation: We are legally designated to represent you as ‘controller’ for national data protection authorities in the EU and/or the UK.
Records of processing activities: Together we set up and maintain a record of processing activities. Upon request we make this record available to the data protection authorities.
In addition to these legal duties, a DPR can of course also perform other activities relating to data privacy and data protection. From our experience with international customers, we are happy to assist you in using this to achieve a competitive advantage.
A DPR from DPO Consultancy ensures that you:
Meet the legal requirements of Article 27 of the GDPR, without having to be established in the EU or UK.
Have experts with extensive knowledge of the GDPR at your disposal.
Can assist in preventing a conflict of interests.
Have access to a network of highly skilled privacy professionals with expertise in various fields, including legal and IT.
Can use a network of consultants with very broad experience in the field of GDPR implementation.
Achieve a competitive advantage by applying accurate data protection.
Work cost efficiently through fixed annual fees.