The General Data Protection Regulation (GDPR) of the European Parliament and the Council was adopted in April 2016 and focuses on the protection of natural persons with regard to the processing of personal data and on the free movement of such data.
It replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower the data privacy of all EU citizens, and to reshape the way organizations across the region approach data privacy.
GDPR increases organisations’ liabilities and imposes very high fines in cases of non-compliance with its requirements. The implementation of the GDPR aims to:
- Strengthen the rights and freedoms of individuals to protect their personal data.
- Unify the application of the rules regarding the protection of personal data across the EU.
According to the GDPR:
- The concepts of simple personal data and sensitive personal data are specified.
- GDPR adds definitions such as “limitation of processing”, “profile training” and “pseudonymization”.
- The definition of “controller” is laid down: the controller determines the purposes and means of the processing of personal data and must be able to demonstrate at any time that it is applying the GDPR.
- The role of “Data Protection Officer” is established. The DPO informs and advises the controller and processor, as well as the staff that processes personal data, about their obligations under the GDPR regarding data protection.
- Data breaches must be reported to the supervisory authority within 72 hours.
- Increased risk management requirements are introduced, including the Data Privacy Impact Analysis (DPIA).
GDPR goes into effect on 25 May 2018 and has international reach. From that date, any organization that processes data of EU data subjects will face new, uniform data protection requirements, with strict fines for non-compliance: 4% of annual turnover or €20 million per incident, whichever is higher.
The project of preparing an organization to comply with the GDPR requirements is divided into the following phases:
- Identification, Data Mapping & Data Flow Analysis
- GAP Analysis
- Data Privacy Impact Assessment (DPIA)
- Implementation of Action Plans
- Contingency Plan
- Audits – Controls
- Awareness – Training
- Ongoing Management & Follow-up
HYPERTECH, with its specialized consultants, is able to assist your organisation and provide all the services necessary for compliance with GDPR requirements.