DATA PRIVACY GDPR
GDPR is a regulation that requires businesses to protect the personal data and privacy of EU citizens for transactions that occur within EU member states.
The GDPR does not apply only to EU domestic businesses, but also to companies worldwide that target their goods and services to European citizens. GDPR applies to controllers and processors that handle the personal data of European individuals.
The penalties for non-compliance are significant and are separated into two tiers. They vary depending on many factors, including, among others, the duration of the infringement, the number of data subjects affected and the level of impact.
GDPR Services
GTISec's services will include:
- Assessment – This will conclude with a Compliance Roadmap.
- Design – Actions to be performed will be proposed accordingly.
- Implementation – Execution will be initiated in alignment with IT processes and the organization.
- Sustainability
EU General Data Protection Regulation
- The right to be forgotten - At any moment in time, a customer can ask you to erase any data that you are holding on one of your systems. Are you ready for this? Have you made an inventory of the different files and databases where you store customer data?
- Scaled consent - The customer should be given options for receiving newsletters or communication. This can include time-based intervals, which media to use for newsletters, etc.
- Data breaches will need to be reported within 72 hours of being discovered.
- Appoint a data protection officer (DPO)
GDPR Compliance and Benefits
GDPR codes of conduct and certification bring a number of benefits over and above demonstrating that you comply. They can:
- Improve transparency and accountability – enabling individuals to distinguish the organizations that meet the requirements of the law and that they can trust with their personal data.
- Provide mitigation against enforcement action, and improve standards by establishing best practice.