Since May 2018, every organisation that processes personal data must take account of the General Data Protection Regulation (GDPR).
This European privacy law, which replaces the outdated data protection directive from 1995, sets strict requirements for the way in which your organisation deals with personal data and users. Failure to comply with the GDPR can have unpleasant consequences! Fortunately, you can go to DPO Consultancy for, among other things, a GDPR Assessment and implementation of the corresponding measures.
The assessment thoroughly tests and determines to what extent the organisation meets the requirements of the GDPR. An overview is drawn up of possible risks that the organisation may face in the context of processing personal data.
A thorough inventory provides the right insight and also immediately highlights the points for attention. These points for attention form the basis for the gap analysis. The purpose of the gap analysis is to see the gap between the current state of the organisation and the requirements of the law, including in terms of the desired security level.
During the implementation, the findings from the baseline measurement and the gap analysis come to life. This is clearly reflected in the implementation plan. This plan is aimed at integrating the measures to be taken into business operations in a structured and controlled manner.
A plan ensures that everyone knows what needs to be done, who should deliver what, when, with what quality, what the priorities are and how implementation takes place in a careful and controlled manner.
With an implementation, the outstanding measures that follow from an assessment are implemented. These measures consist of processes, procedures, guidelines, protocols, legal documentation and advice on technical measures. Consider, for example, the use of Multi-factor Authentication within systems with personal data, anti-malware solutions, encryption of laptops / databases, etc. How many processes and procedures must be made varies per organisation.
A DPO from DPO Consultancy ensures:
Informing and advising the employees concerned about the obligations of the GDPR and other data protection provisions
Collaboration with the supervisory authority
Supervision of compliance with the GDPR, other data protection provisions and the policy of the organisation
Acting as a contact point for stakeholders and the supervisory authority
Under the General Data Protection Regulation (GDPR), certain controllers and processors are required to appoint a Data Protection Officer (DPO). The DPO’s range of duties includes advising and training employees and performing baseline measurements and internal audits. He also acts as a contact person for the supervisory authority.
Is there a complaint or question from a person whose data you keep or process? In this case, the DPO is also the contact person. We form a buffer between you and third parties. The DPO has an independent position. Among other things, he assesses the safety measures taken. In addition, he guarantees compliance with the various laws relating to data processing.
DATA PROTECTION REPRESENTATIVE
Companies that are not physically established in the EU, but do business with or process data from people from the EU, are required by the GDPR to designate a DPR (Data Protection Representative) in the EU. DPO Consultancy can act as your DPR.
According to the GDPR, the DPR has a number of statutory duties. As a result, a DPO Consultancy DPR performs the following tasks:
Contact person: As your DPR in the EU we are your contact person for your data subjects in all European countries for all privacy related questions.
Representation: We are legally designated to represent you as “controller” for national data protection regulators in the EU.
Register of Processes: Together with you, we set up and maintain a Register of Processing. Upon request we make this available to the supervisors.
In addition to these legal duties, a DPR can of course also perform other duties in the GDPR field. From our experience with international customers, we are happy to think along with you about how you can use careful data protection as a competitive advantage.
A DPR from DPO Consultancy ensures that you:
Meet the legal requirements of Article 27 of the GDPR, without having to be physically present in the EU.
Have experts with very thorough knowledge of the GDPR at your disposal.
Can guarantee independence.
Have access to a network of highly skilled privacy professionals with expertise in various fields, including legal and IT.
Can use a network of consultants with very broad experience in the field of GDPR implementation.
Can achieve a competitive advantage from careful data protection.
Work cost efficiently, through established competitive annual fees.