
Alignment with the General Data Protection Regulation (GDPR)

About the General Data Protection Regulation (GDPR)

After four years of preparation and discussion, the GDPR 679/2016 was eventually adopted by the EU Parliament on 14 April 2016. It will enter into force 20 days after its publication in the Official Journal of the EU and will apply immediately to all Member States two years after this date. Date of enforcement: May 25, 2018, so organizations that do not comply with these provisions will be subject to heavy fines. The General EU Data Protection Regulation (GDPR 679/2016) replaces Directive 95/46/EC on data protection, which will be formally abolished on 26 May 2020, and aims at harmonizing privacy laws across the EU, protecting and strengthening the privacy of EU citizens, and reforming the way in which organizations approach data.

The difference between a "Directive" and a "Regulation" is that Regulations are binding, enforceable, fine-tuning laws. By decision of the Cypriot Parliament, GDPR 679/2016 was officially enacted and institutionalized by the Republic of Cyprus.

The regulation applies to any organization that collects, processes and stores personal data from EU citizens or a natural person residing in the EU or completing transactions within EU agencies.

Article 32 of the GDPR 679/2016 clearly states that the controller and the data processor shall apply, inter alia, appropriate technical and organizational measures to ensure a level of security appropriate to the risk in each case. Article 32 also requires that the risks of "accidental or unlawful destruction, loss, alteration, unauthorized disclosure or access to personal data" are identified and mitigated. Article 32 of the GDPR 679/2016 is the first provision requiring technical measures to protect data. Although it gives examples of security measures and controls, the article does not provide detailed instructions on how to achieve this.

Our team has developed a Business Consultation covering the Internal IT / IS, DPIA, Auditing, Editing, and Proofing & Mapping Process and will comply with the new regulation.

 

Service Implementation Phases:

  1. Design: It includes the Design of activities to be carried out in each relevant area, after analysis and GAP ("gap analysis"), including:
    • Administrative activities,
    • Business units,
    • Information and Communication Technologies (ICT),
    • Data processing,
    • Other activities covered by the General Data Protection Regulation (GDPR 679/2016).
  2. Actions:
    • Communication and Employee Training on the key elements of the analysis.
    • Preparation of the required documents:
      • Data Security Policy and Procedures
      • Internet Data Security Policy (and Cookies)
      • Confidentiality Forms (Employees & Partners)
      • Employee Contracts (Revision)
      • Partner Contracts (Revision)
      • Data Fraud Notification Form
      • Complaint Form
      • Data Acceptance Form (Customer) on the basis of Article 13/14
      • Competencies and Duties of Employees
      • Deletion Policy and Procedure
      • Transmission of data process
      • Data Control Process
    • Applying new business process requirements, with particular emphasis on those that affect the activities of Business Units, Information Systems.
  3. Check: It entails the Analysis of all business processes to ensure proper documentation of the principles of Personal Data Protection, as well as the obligations provided for rights, security, violation, deletion, and data portability.
  4. Implementation:
    • Includes Review of all processes, software, systems and storage tools according to the outputs resulting from the analysis activities carried out and the related documents drawn up.
    • Renewal of Procedures and Manuals, based on the dynamic / changing activities of each organization.
    • Capacity to Provide External Data Protection Officer (DPO) Services, where applicable/ required.
