The GDPR applies not only to EU domestic businesses, but also to companies worldwide that target their goods and services at European citizens. GDPR applies to controllers and processors that are handling the personal data of European individuals.
The penalties for non-compliance are significant and are separated into two tiers. They vary depending on many factors, including, among others, the duration of the infringement, the number of data subjects affected and the level of impact.
GTISec will include:
1. Assessment – This will conclude with a Compliance Roadmap.
2. Design – Actions to be performed will be proposed accordingly.
3. Implementation – In alignment with IT processes and the organization, execution will be initiated.
A few examples
At any moment in time a customer can ask you to erase any data that you are holding on one of your systems. Are you ready for this? Have you made an inventory of the different files and databases where you store customer data?
The customer should be given options for receiving newsletters or communication. This can include time-based intervals, which media to use for newsletters, etc.
Appoint a data protection officer (DPO)
GDPR codes of conduct and certification bring a number of benefits over and above demonstrating that you comply. They can: