General Data Protection Regulation (GDPR)

On May 2018, a new European privacy law called the General Data Protection Regulation (GDPR) came into effect. It regulates the processing of personal data relating to individuals in the EU regardless of where the processing takes place.

The Regulation lays down general rules to protect natural persons with regard to the processing of personal data and to ensure the free movement of personal data within the European Union. It imposes new obligations and stricter requirements on all business that process personal data from EU citizens and establishes a new right for individuals.

Any processing of personal data should be lawful and fair. It should be transparent to natural persons that personal data concerning them are collected, used, consulted or otherwise processed and to what extent the personal data are or will be processed.

GDPR Influence on Business

If you are processing or holding for example personal name, social security number or other personal identification numbers, address, phone number, email, location, online identifier and so on of the EU citizens the GDPR applies to you. It does not matter where the processing takes place or where the company’s location is. Find out how much your company complies with GDPR to avoid an administrative fine up toc4% of annual global revenue or 20 million Euros, whichever is greater if your business does not comply with GDPR.

GDPR Key Requirements
  • Territorial Scope: GDPR will apply to all companies or entities processing the personal data of data subjects residing in EU, regardless of
    company’s or entity’s location or the location of data processing.
  • Consent & New Rights: The consent of a data subject for the processing of its personal data must be freely given, specific, informed
    and unambiguous. Furthermore, data subjects will have the right to withdraw consent at any given time, the right to data portability and
    the right to erasure.
  • Breach notification within 72 hours: Duty to report the personal data breach to supervisory authority within 72 hours after having become
    aware of the breach.
  • Privacy By Design: Legal requirement to embed data protection and privacy issues into your processing activities and business
  • Data Protection Impact Assessment (DPIA): Duty of company or entity to undertake DPIA when conducting risky or large scale
    processing of personal data.
  • Data Protection Officer (DPO): DPO must be appointed if a company or entity conducts large scale systematic monitoring or processes
    large amounts of sensitive personal data.
  • Accountability: Company or entity is accountable for processing personal data in accordance with the GDPR and has to be able to prove
  • Cross-border data transfer: Restrictions on the data transfer of personal data outside the EU unless certain conditions are met.
We can help your company to comply with GDPR

We offer a full range of customized services to suit organizations specific needs at any stage of the GDPR readiness procedure.

  • GDPR Assessment
  • Data Privacy Impact Assessment
  • GDPR Implementation
  • Cybersecurity
  • Data Breach Plan and Action
  • Education and Training
  • Data Protection Officer
  • EU Representative
Privacy Preferences
When you visit our website, it may store information through your browser from specific services, usually in form of cookies. Here you can change your privacy preferences. Please note that blocking some types of cookies may impact your experience on our website and the services we offer.