Feasible GDPR Solutions & Services
Planning, Building and Monitoring
Our no-nonsense approach turns your company into a GDPR-compliant business.
For a fraction of the cost.
What is GDPR?
Simply: much stricter compliance requirements.
The GDPR applies from 25 May 2018.
Good, and why should we care, actually?
The new EU General Data Protection Regulation (GDPR) is the most significant change in privacy law in 20 years. It places new obligations on any business that processes the personal data of individuals in the EU, regardless of where the business itself is established. Depending on the nature of the infringement, supervisory authorities can impose fines of up to €20 million or 4% of annual worldwide turnover (i.e., gross revenue), whichever is greater; a lower tier of €10 million or 2% applies to less severe infringements.
The countdown to GDPR compliance has begun. While 25 May 2018 may seem far away, building a plan, securing budget and implementing a programme can take several quarters or more.
Six key requirements
Do you run a small or medium-sized enterprise?
You are still obliged to comply with the GDPR: the regulation applies regardless of company size.
The six most important GDPR requirements
Scope: expansion of who is subject to the regulation (including controllers and processors established outside the EU that target or monitor individuals in the EU), who is protected by it, and who enforces it
Data: new definitions of "personal data" and of "special categories of personal data" (often called "sensitive personal data"), and the introduction of pseudonymisation as a recognised safeguard for data processing
Consent: stricter requirements for consent to data processing (freely given, specific, informed, unambiguous, and as easy to withdraw as to give), and explicit-consent requirements for certain profiling and automated decision-making (i.e., analysing personal preferences or behaviour)
Individual Rights: the "right to be forgotten" (erasure of personal data), "data portability" (receiving one's data in a machine-readable form to transfer it to another provider), alongside the rights of access, rectification, restriction and objection
International Data Transfer: personal data may not be transferred outside the EEA unless an adequacy decision (e.g., the EU-US Privacy Shield, later invalidated by the CJEU in 2020) or other appropriate safeguards such as Standard Contractual Clauses (model clauses) or Binding Corporate Rules are in place
Data Breach Notification: a personal data breach must be reported to the Supervisory Authority without undue delay and, where feasible, within 72 hours of becoming aware of it, unless it is unlikely to result in a risk to individuals; where the breach is likely to result in a high risk to individuals, the affected individuals must also be informed without undue delay
Accountability: governance requirements such as records of processing, data protection impact assessments (DPIAs), audits and the appointment of Data Protection Officers (DPOs) where required, plus recognition of seals and certification programmes as a route to demonstrate GDPR compliance