- Territorial Scope: GDPR will apply to all companies or entities processing the personal data of data subjects residing in the EU, regardless of the company’s or entity’s location or the location of data processing.
- Consent & New Rights: The consent of a data subject for the processing of their personal data must be freely given, specific, informed and unambiguous. Furthermore, data subjects will have the right to withdraw consent at any given time, the right to data portability and the right to erasure.
- Breach notification within 72 hours: Duty to report a personal data breach to the supervisory authority within 72 hours after having become aware of the breach.
- Privacy By Design: Legal requirement to embed data protection and privacy issues into your processing activities and business
- Data Protection Impact Assessment (DPIA): Duty of a company or entity to undertake a DPIA when conducting risky or large-scale processing of personal data.
- Data Protection Officer (DPO): A DPO must be appointed if a company or entity conducts large-scale systematic monitoring or processes large amounts of sensitive personal data.
- Accountability: Company or entity is accountable for processing personal data in accordance with the GDPR and has to be able to prove
- Cross-border data transfer: Restrictions on the transfer of personal data outside the EU unless certain conditions are met.
We can help your company to comply with GDPR
We offer a full range of customized services to suit an organization’s specific needs at any stage of the GDPR readiness procedure.
- GDPR Assessment
- Data Privacy Impact Assessment
- GDPR Implementation
- Data Breach Plan and Action
- Education and Training
- Data Protection Officer
- EU Representative