The General Data Protection Regulation (GDPR) is a new general regulation of the European Union that replaces the EU Data Protection Directive 95/46/EC, unifies personal data protection regulation across EU countries and tightens the requirements for protecting personal data. Personal data is any data related to an identified or identifiable natural person (data subject) by which that person can be directly or indirectly identified. Such data includes location data, an online identifier, or one or more factors specific to the physical, physiological, genetic, mental, economic, cultural or social identity of that individual.
GDPR applies to companies operating in the EU, as well as to organizations outside the EU that provide goods and services (on a paid or free basis) to EU citizens or monitor EU citizens’ behavior. Monitoring may include anything from cookies recorded during a website visit to track the visitor’s path, up to high-tech tracking methods.
The General Regulation has an extraterritorial effect: it applies to all companies processing personal data of EU residents and citizens, regardless of the company’s location.
- Our methodology for implementing a Personal Data Protection Program that meets GDPR requirements is based on best practices from successful projects implementing and maintaining Information Security Management Systems. It also makes it possible to implement specific compliance measures in a short time and without significant labor costs for the customer.
- The Compliance Control approach starts with gaining a maximum understanding of the customer’s environment and its current position in relation to the General Regulation (GDPR) requirements. We then define a plan for removing the inconsistencies revealed. Later, our specialists involve our experts to implement corrective measures.
We will help identify all the processes required to comply with the General Regulation (GDPR) requirements and provide methodological help in organizing the current processes. We will also show how to develop the required documentation in accordance with the organization’s specifics.
We’ll provide professional assistance in maintaining compliance with the General Regulation (GDPR) at the proper level through customer-specific training and third-party audits, which provide more reliable validation than self-assessment.
Finally, the company will receive a clear map of personal data movement within the company, as well as an understanding of which personal data the company uses for its own purposes or on a controller’s behalf. The audit also provides a clear answer on the further actions and measures the company should take to avoid violating EU legislation requirements on personal data protection.