GDPR – General Data Protection Regulation
What are the risks for companies and organizations?
All our consulting services in IT Governance, Security, Risk Management, Business Continuity, Quality Management, and Assessment are completely available online.
ACTAGIS helps you to transform a constraint into an opportunity by adopting GDPR
25th May 2018 marks the date from which all organizations processing personal data will have to follow a new set of laws governing data privacy and the way they deal with their users.
ACTAGIS has put systems in place to ensure that its clients are well informed on GDPR and do not suffer any unforeseen consequences, such as fines ranging up to 4% of annual global turnover or 20 Million Euros.
GDPR has been years in the making and ACTAGIS has stayed abreast of the process every step of the way, enabling our experts to propose a pragmatic implementation approach.
Although Switzerland has its own Data Protection Act (DPA, under revision), GDPR concerns a majority of Swiss companies processing data of European residents.
Ultimately, it comes down to what measures organizations need to take in order to stay compliant and keep their users and the regulatory authorities satisfied.
Contact ACTAGIS today and consult one of our GDPR experts.
What is GDPR?
The General Data Protection Regulation (GDPR), adopted by the European Parliament on 14 April 2016, will be directly applicable in all 28 Member States of the European Union as from 25 May 2018.
The GDPR responds to the problems inherent in the use of citizens' private data by information systems, such as: explicit consent, the right to deletion, the portability of personal data, profiling, sensitive data, data leakage, etc.
What would be the main effects and risks to companies in the event of non-compliance?
In this new context, European citizens will have more control over their private data because of the need for their explicit and positive consent, the right to have their data erased as soon as possible, the right to portability of their personal data and the right to contest decisions based on profiling. Otherwise, those responsible for processing information could be prosecuted for failing to respect the rights of residents.
What measures need to be put in place to comply with the regulation?
Data protection should be integrated at the design stage of products, services and systems that use personal data. Also, in case of a failure of “default” security, companies expose themselves to a finding that their system is insufficiently secure.
A data privacy impact study should be implemented for all activities that could generate potential damage relative to the protection of personal data. Without measures to reduce these consequences, the company would also be subject to audits by the supervisory authority.
Companies and organizations will be required to notify the national protection authority promptly in the event of a serious data breach knowing that any delay would limit the right of users to be informed rapidly and to take appropriate action.
A Data Protection Officer should be appointed (in some cases it is mandatory) as a point of contact for the supervisory authority. Depending on the public nature and the scale of processing operations and the “sensitive” nature of the data, companies are obliged to respond to requests from those wishing to exercise their rights.
Lastly, greater penalties are foreseen in the event of non-compliance with the regulation, up to 4% of the annual global turnover or 20 million Euros.
In conclusion, will these provisions be applicable in Switzerland?
The revision of the Data Protection Act (DPA) in Switzerland is underway with the initial aim of aligning with European law. In all cases, the application of the GDPR is extra-territorial. Companies established outside the EU must comply with the regulation as soon as they process the data of EU residents, by profiling them or by offering them goods and services.
Our GDPR Services
Data Protection Impact Assessment
Privacy compliance framework
External Data Protection Officer (DPO)
Cyber Incident Response Management
Codes of conduct
Training and certification
We train your people
Active involvement of internal and external staff speeds up the integration of GDPR in the company culture.
We offer certified or custom in-house trainings in GDPR standards and frameworks.