What does the GDPR entail for businesses?
The GDPR is an EU regulation which revolutionises the manner in which businesses process client, business partner, and employee personal data. The new regulations will enter into force on 25 May 2018. Entrepreneurs who fail to observe them may face multi-million penalties (up to EUR 20 million). Furthermore, the regulations will apply to every institution that uses or stores personal data – from small companies to large corporations – regardless of the industry or form of ownership. This reform becomes effective automatically in Poland and in every other EU Member State. EVERY business owner should prepare their company for the GDPR.
The main areas of application of the GDPR – impact on the organisation
IT, legal, sales, HR, and marketing / customer service departments, and others, e.g. the monitoring department
Key changes and new requirements
- Implementing the principle of accountability
- Risk assessments in terms of the privacy of data owners
- Obligation to keep records and categories of processing operations
- Obligation to report breaches (incidents) to the supervisory authority (72 hours)
- Obligation to appoint a DPO (ISA) and change his status
- New provisions in agreements on the processing of personal data
- New definitions of ordinary and sensitive data
How to prepare your business for the changes?
We offer our support in the implementation of legal and IT regulations introduced by way of EU Regulation No 2016/679 (GDPR) on the protection of natural persons with regard to the processing of personal data.
Stages
- The legal and the IT audit
- Reports with a list of recommendations
- Designing GDPR-compliant measures: internal instructions on the implementation, documentation, and internal ordinances
- Legal support
- Training courses for the company’s staff
How can we help you?
Based on the experience of a group of our data protection experts, we have developed a comprehensive package for the implementation of the GDPR regulations in your company – from A to Z. We support businesses in the implementation of new regulations on personal data protection and assist them in acquiring a Personal Data Protection Inspector.
After obtaining accreditation, ECDP ODO will also conduct certification processes and monitor the correct implementation of industry codes of conduct.
Our team consists of experts with unique know-how in the field of personal data protection, including experience gained from work at supervisory government agencies, large insurance companies and the financial sector. This legal competence is complemented by the expertise provided by a team of IT professionals. All in all, our services make it possible for the new regulations to be effectively adopted in every company.