GDPR (General Data Protection Regulation) May 2018

What is GDPR?

The General Data Protection Regulation (GDPR) is the most significant change in the regulation of data privacy during the last 20 years. It will affect any organisation dealing with significant amounts of personal data within the EU, including Malta.

GDPR is a single EU law devised to abolish the current fragmented network of data protection and privacy laws across member states. With GDPR, the EU aims to have better, unified control over the digital economy and privacy issues that may arise from companies’ handling of personal data.
All Maltese and EU companies need to abide by the new regulation or risk hefty fines and sanctions. We’re here to make sure you’re up to speed!

How did GDPR come about?

After 4 painstaking years of debate and preparation, GDPR was finally approved by the EU Parliament on 14 April 2016. The new general data protection regulation entered into force only 20 days after its publication date in the EU Official Journal. GDPR becomes directly applicable in all EU member states on 25 May 2018.

After this date, non-compliant organisations face heavy fines and the Maltese Data Protection Act (Chapter 440 of the Maltese Constitution) will be permanently repealed and replaced by GDPR.

GDPR is a leap forward from the older Data Protection Directive 95/46/EC. It’s designed to:

• Harmonise privacy laws across Europe
• Protect and empower all EU citizens’ data privacy
• Reshape the way organisations across the region approach privacy

How will GDPR affect you?

This is where we come in. We can make the key points of GDPR readily understandable to you and your organisation, plus advise you on how to make sure your organisation is compliant ahead of the May deadline.

Since the new regulation is extensive and fines can reach €20,000,000 or 4% of an entity’s total worldwide annual turnover, GDPR comes with serious obligations and consequences.

Here are some of the other changes proposed by the new laws:

• GDPR will apply to a wider area in the EU
• You will have to notify users of your breaches
• You might have to appoint a new Data Protection Officer
• Your data processors will now be held directly liable by law
• You will have to abide by more stringent consent requirements for handling personal information
• You will have to provide more information to data subjects and users
• Your data controller-processor contracts will be guarded by more stringent requirements
• The general notification requirement will be removed
• You will have to observe new subject rights for users

While this is welcome news for your personal data protection, your organisation might still be lagging behind on the implementation of some of the changes above.

The object of our advisory role is to help you take the necessary measures to become fully compliant before 25 May 2018. With our intervention, not only will your organisation be versed in the best data practices, but you’ll also be immune to severe financial punitive action for the utmost peace of mind.

Assessment

Is information central to your business sustainability and success? Is the way you manage data compliant with the new regulation? Is your data management process secure enough to protect the source of your information? Is your staff aware, informed and ready for changes in general data protection regulation? We’ll conduct a gap analysis to tell you exactly what your organisation needs to be in line with the new regulation. Book your FREE CONSULTATION by sending us a meeting request.

Planning

Once we have your assessment, we’ll zero in on any weaknesses and risks in your data management processes. We’ll evaluate whether your data management is truly protecting the privacy of your data subjects and how strong your processes are. We’ll then come up with our expert recommendations and a solid plan for implementation.

Solutions

We’ll then work hand in hand with you to deploy the recommended solutions in the mutually agreed action plan. We’ll work out a strategy to protect the information that creates value for your business and redesign your processes to align them with the new regulation. We’ll verify the privacy of your source of data to ensure that no breaches occur when you handle the data. Lo and behold, your organisation will be GDPR compliant.

The GDPR deadline is 25 May 2018. Are you ready? Click here to book your FREE consultation today.

GDPR Compliance Check List

GDPR Compliance Roadmap

Data Protection Impact Assessment

We conduct a data privacy impact assessment, which ensures:

• a systematic description of the processing operations and the purpose of the processing, including the legitimate interest pursued by the controller;

• that the necessity and proportionality of the processing in relation to the purposes, and the risks to the rights and freedoms of data subjects, are assessed;

• the measures to address risks and compliance with regulations, taking into account the rights and legitimate interests of data subjects and other persons concerned.

Privacy impact assessment on risky and large-scale processing of personal data

Data Protection Officer Services

We can act as your data protection officer when necessary, to fulfil the requirement of the regulation. As DPO, we will monitor operations which, by virtue of their nature, scope or purpose, require regular and systematic monitoring of your data subjects on a large scale.

Privacy by Design & Default

We develop business processes for products and services in which the privacy of data is protected by design and by default, through operational and technical measures designed to be embedded in your business process systems.

Tailored Workshops

We help you build your organisation’s competence through a variety of workshops tailored to address the unique needs of your company. Our programs provide a concrete understanding of key aspects relating to GDPR which will help you manage your company better and improve performance, and cover matters relating to the new regulation and best practice in data privacy and protection.