On 25 May 2018 the new General Data Protection Regulation (GDPR) will come into force, which represents a paradigm change in these matters.
Any entity that collects, stores, uses, reveals or processes in any other way personal data must ensure the safety of this information.
Personal data comprises any information capable of identifying a single individual, namely the name, identification number, location data or physical elements such as pictures.
The biggest change the new regulation brought to light is that it is the responsibility of the entities to be able to demonstrate that they comply with the legal requirements.
How to comply with the regulation
How we operate
In order to ensure that our clients comply with the GDPR (General Data Protection Regulation), our firm operates in three different stages:
1. Consultancy and instruction in light of the GDPR
- Advice on real problems in the practical application of the GDPR
- Worker instruction on the best practices to adopt
2. Audit of the current processing of personal data:
- Inventory of all processed data;
- Inventory of the consents and further requirements according to the data type and its purpose;
- Inventory of the personal data access policies towards its user;
- Inventory of all used security systems;
- Verification of existing internal policies;
- Verification of the existence of a Data Protection Officer (DPO).
3. Operational measures to implement to comply with the GDPR
- Drafting of a detailed report containing the measures to implement in order to comply with the GDPR;
- Drafting of privacy policies and codes of conduct.
4. Analysis and adaptation of current technical and technological procedures
- Listing of the safety measures to adopt in order to comply with the GDPR;
- Execution of intrusion testing.