General Data Protection Requirements (GDPR)
The EU General Data Protection Regulation (GDPR) is one of the largest ever changes in data protection law. It replaces the existing Data Protection Directive and came into force on 25th May 2018.
The aim of the GDPR is to give Europeans better control over their personal data held by organisations worldwide. The new regulation focuses on making organisations more transparent and expanding the privacy rights of individuals. The GDPR also introduces more stringent penalties and fines for non-compliant organisations, ranging up to 4% of annual global turnover or €20 million, whichever is the greater.
We are partnered with TwoBlackLabs who are GDPR specialists. If you would like an introduction, please contact us.
Privacy Impact Assessments
A Privacy Impact Assessment is a documented impact assessment that helps to identify the privacy risks associated with a solution.
A Privacy Impact Assessment aims to:
Ensure conformance with the Privacy Act and/or GDPR and policy requirements for privacy.
Determine the privacy risks and effects.
Evaluate controls and alternative processes to mitigate potential privacy risks.
The advantages of doing a Privacy Impact Assessment are:
Avoidance of costly or embarrassing privacy mistakes.
Early identification of privacy problems, so that appropriate controls can be identified and built.
Better-informed decision making regarding appropriate controls.
Demonstration that the organisation takes privacy seriously.
Increased trust by customers and employees.
We are partnered with TwoBlackLabs, which are PIA specialists. If you would like an introduction, please contact us.