What is GDPR?
The European Data Protection Regulation (GDPR) is a legislative act that applies to all EU Member States and sets requirements for companies regarding the protection of personal data.
To whom does it apply?
GDPR applies to all economic operators in Romania, regardless of whether the place of processing of personal data is in Romania or not.
What are the GDPR requirements?
The right to be forgotten and the right to data portability are among the main new rights introduced by the Regulation. They will require service providers to know exactly where the data is located in their systems and to delete that data if requested.
The need for a Data Protection Officer. GDPR mandates that all public sector bodies, and those involved in the regular monitoring of data subjects on a large scale or in the processing of special categories of data, should nominate a Data Protection Officer (DPO).
Operators must also implement appropriate technical and organizational measures to ensure a level of security appropriate to the risk (e.g. pseudonymization and data encryption, integrity, availability and resilience of processing systems and services, etc.).
What are the effects of not applying GDPR?
Failure to comply with GDPR provisions, in conjunction with security incidents likely to affect personal data, may result in significant fines for institutions of up to €20 million or 4% of global annual turnover (depending on the impact of the incident).
What is the implementation deadline?
The Regulation enters into force on 25 May 2018. By this date, all entities covered by the GDPR have to implement the specific provisions of the Regulation.
How can we help?
We provide the full support needed, first to understand the GDPR provisions and how they should be transposed, then to assess how data is processed in the company and identify weaknesses, and finally to assist in the selection and implementation of technical and operational measures within the organization.
Our consulting services for GDPR alignment include:
- Introduction and training courses. We will present the GDPR requirements and how these requirements should be implemented by the employees within your company.
- Gap analysis. We will conduct a compliance assessment to identify the gaps relative to the GDPR requirements and to determine whether the current documentation prepared by the company fulfills the requirements of this Regulation.
- Assistance in the uniform and effective implementation of policies and procedures on personal data management within the organization for a correct alignment with GDPR requirements.
- Compliance audit to evaluate the results of the organization's alignment with GDPR requirements at the end of the project.