General Data Protection Regulation (GDPR) services
We can audit, prepare a report, implement, maintain and guide you throughout your company GDPR
What is GDPR?
What you need to know about it:
- The new Regulation (EU) 2016/679, known as General Data Protection Regulation (GDPR) replaces the Data Protection Directive 95/46/EC and was designed to harmonize data privacy laws across Europe, to protect and empower all EU citizens data privacy and to reshape the way organizations across the region approach data privacy;
- It applies to all companies processing the personal data of data subjects, residing in the European Union, regardless of the company’s location. This means that your company needs to be ready and protected from any online and offline data breaches.
- Its enforcement date is 25 May 2018 – at which time those organizations in non-compliance will face heavy fines (up to 4% of annual global turnover or €20 million (whichever is greater).
- B.A.A.E.R. is already working together with the Bulgarian Regulatory Authority – Commission for Personal Data Protection (CPDP) for implementing their requirements on the GDPR, synchronizing methodologies, participation of their speakers at GDPR seminars we organize, etc.
New personal data protection rules and rights according to GDPR:
- Right to be forgotten – when a subject no longer want his/her data to be processed, and if there are no grounds to retain it, the data should be deleted.
- Data handling transparency – more transparent and easy to understand information how data is processed.
- Privacy by design – is already a legal requirement with the GDPR. It means to include data protection from the onset of the designing of systems, rather than as an addition afterwards.
- Fast data breach detection – businesses and organizations are obliged to inform subjects and data protection supervisory about any data breaches without undue delay.
- Data portability – the right for a data subject to receive the personal data concerning them, and the right to transmit that data to another controller.
- Informed consent – companies will no longer will be able to use personal data without clear affirmative actions for consent from users.
- Data Protection Officer (DPO) – requires data controllers to designate such a new position in companies with more than 250 employees and in firms, which are involved in data processing operations.
Our GDPR audit process:
BAAER steps for checking your GDPR compliancy and action plan:
|1.||Management Intake||2-hour intake on high level asking about the current situation within the company||High level budget|
|2.||Mapping Data types||Training + interviews with every head of department||High level report|
|3.||Company Assessment||Data Protection Impact Assessment||Detailed report|
|4.||Plan / roadmap||Meetings with the customer to define the priorities and ideal process for all the changes||Plan for execution|
|5.||Execution||Perform the required changes to make the company GDPR compliant||Implementation of the plan|
|6.||Testing / Training / Documentation||Test if the required change works; stuff training and provoking understanding how to remain compliant||Test report / Final documentation / Training documentation|
|7.||Sign Off||Official sign of on each item by the company to confirm changes have been done successfully||Sign off documentation|
|8.||Maintenance||Getting compliant is the start, staying compliant is the goal|
Our GDPR services
BAAER’s full portfolio of GDPR related services:
1. Training – train the company about GDPR and after the implementation how it should be used;
2. Audits – provide audits to see if your company is and staying compliant;
3. Reviews – periodic reviews to ensure your company is compliant;
4. DPO Services – DPOs for hire – instead of setting a new job position, you can outsource it to us;
5. Managed Services – all our IT and GDPR services you would like to outsource;
6. Oracle / DB Services – Oracle and other databases management;
7. OWasp Top 10 – keeping your site secure;
8. Network testing – keeping your internal network secure.
The real challenge is not about being in conformity with GDPR on May 25th 2018 but to remain compliant afterwards!
Please CONTACT US for a FREE intake to understand what’s needed for your organization.