GDPR: a new paradigm
In comparison to previous European data privacy legislation, the GDPR (General Data Protection Regulation) can be considered as a new paradigm:
DPO (internal or external)
The appointment of a DPO (Data Protection Officer) is mandatory for public companies. It is also compulsory for private companies that process sensitive data or profile individuals on a large scale.
Organisations outside the European Union (whose head offices or servers are located outside the European Union) are also subject to the GDPR when they target European citizens (especially on the web).
Right to be forgotten/Right to erasure
The right to be forgotten and the right to erasure allow individuals to have their digital footprint altered so that they can take control of their digital life.
Data protection by design and by default
Data protection by design builds data protection into the design of a product or service; data protection by default ensures that this protection applies without requiring any additional action from the person concerned.
PIA (Privacy Impact Assessment)
The PIA (Privacy Impact Assessment) is produced in a number of cases, notably when the processing of personal data entails a risk for individuals.
Data breach notification
Data breaches need to be reported to the data protection authority (the CNIL in France, the ICO in the United Kingdom) by the controller within 72 hours at most. In the event of high risk, the controller must also inform the individuals concerned.
Right to data portability
The right to data portability ensures that individuals can move their data between different service providers (for example, between social media platforms, or between providers specialising in supplying and managing email addresses).
Security of processing
It is necessary to ensure that appropriate technical and organisational measures (TOMs) have been implemented in order to protect and secure personal data.
Sanctions
In case of non-compliance with the GDPR, fines can reach 4% of a company's worldwide turnover, or 20 million euros.
Data minimisation
Data minimisation ensures that as little data as possible is collected: the data collected has to be relevant and limited to what is necessary for the purpose it serves.
Data Privacy Professionals provides complete assistance services to VSBs, SMBs and MSBs for GDPR compliance and for all other data privacy legislation.
Depending on your organisation’s needs, we can offer a range of services:
• consultation and assistance (on site or remotely)
• external or outsourced data protection officer (DPO)
• training courses (on site or remotely)
• all-in-one packages
Data Privacy Professionals' services act as the architect of your personal data protection. The auditing phase, training courses, consulting, GDPR compliance and the DPO (data protection officer) role are all included in our services.
Consulting services and GDPR compliance
Our consulting and GDPR compliance services are available on your company’s premises or remotely.
These services put into operation a data privacy programme which defines, prioritises and implements the actions necessary to achieve compliance. They also support accountability, since they document the steps taken by your company.
These services are offered in three tiers to best fulfil your needs:
• the GDPR compliance Business tier is available from 1 day of services.
• the GDPR compliance Platinum tier is available after 5 days of services.
• the GDPR compliance Titanium tier is available after 10 days of services.
GDPR and cybersecurity training courses for your company
The GDPR training course curriculum is divided into three units:
A tailored GDPR training
Data Privacy Professionals tailors GDPR training courses according to the size of your organisation (start-up, SMB, MSB) and to your field of activity, such as: