The General Data Protection Regulation (GDPR) imposes new rules on organisations that offer goods and services to people in the European Union (EU), or that collect and analyse data tied to EU residents, no matter where they are located.
What is it?
The GDPR contains many requirements about how you collect, store, and use personal information. This means not only how you identify and secure the personal data in your systems, but also how you accommodate new transparency requirements, how you detect and report personal data breaches, and how you train privacy personnel and employees.
ERS provides expert consultancy services that enable your organisation to comply with the General Data Protection Regulation (GDPR). Our services encompass specialist data protection consultancy, GDPR Awareness sessions and workshops, GDPR assessments, training, Data Protection Impact Assessments (DPIA), data breach management and programme management of GDPR compliance activities.
Key features of this service
- Impartial and vendor neutral advice
- Expert knowledge of GDPR requirements and Qualified GDPR practitioners
- Programme management services for delivering GDPR compliance
- GDPR expertise covering breach, incident management and cyber security service
- Identify personal data usage across various departments and perform risk assessment of personal data usage
- GDPR compliance gap analysis and review
- Define technical and non-technical solutions to meet GDPR requirements
- Know what steps to take if you lose personal data
- Avoid large fines and reputational damage
- Operate your business with confidence to create greater trust with your customers and suppliers
- Be compliant with GDPR and other data protection regulations
- Gain understanding of your Personal and Sensitive Personal Data processing
- Provision of qualified GDPR Practitioners
- Get advice from experts in regulatory transformation, reducing risk for your organisation
- Cost-effective and flexible service delivery model
- Ensure best practice and quick end user adoption
Key changes with the Regulation
Individuals have the right to:
- Access their personal data
- Correct errors in their personal data
- Erase their personal data
- Object to processing of their personal data
- Export personal data
Controls and notifications
Processors will need to:
- Protect personal data using appropriate security practices
- Notify authorities within 72 hours of breaches
- Receive consent before processing personal data
- Keep records detailing data processing
Processors are required to:
- Provide clear notice of data collection
- Outline processing purposes and use cases
- Define data retention and deletion policies
IT and training
Processors will need to:
- Train privacy personnel and employees
- Audit and update data policies
- Employ a Data Protection Officer (for larger organisations)
- Create & manage processor/vendor contracts
Are you ready for GDPR?
25th May 2018 was the deadline given to companies to comply with the General Data Protection Regulation (GDPR).
For more information please contact us.