The objective of the General Data Protection Regulation (GDPR) is to protect all citizens of the EU against privacy breaches in an increasingly data-based world (internet, social networks, e-commerce, IoT, big data, cloud …), very different from when the 1995 directive was established.
The General Data Protection Regulation will replace local data protection laws in all EU countries on 25 May 2018. The GDPR will have a major impact on the way organisations collect and process personal data.
All large and small organisations that deal with information about individuals will have to adapt quickly. Organisations violating the GDPR may be fined up to 4% of their annual worldwide turnover or 20 million euros, whichever is higher.
Cost or opportunity?
At first glance, the GDPR is a regulatory constraint for businesses.
But by investing appropriately in your GDPR project, you can create additional value for your business.
It is important to make sure your clients feel safe. The fact that customers are increasingly concerned about the disclosure of personal data creates a new opportunity for businesses. If you can establish a sense of security and trust with your customers by giving them a guarantee that their information is secure, this can give you a competitive edge.
The answer is also found in the personal data itself. You have surely heard the now overused phrase "Data is the new oil".
Very often, the data remain in the systems. They are stored but not exploited, because they sit in raw, unconsolidated and hard-to-access formats.
It is only when different departments in a company begin to share or have easy access to relevant consolidated information that they can innovate and begin to improve performance, reduce costs and plan on the basis of facts rather than hypotheses.
A GDPR project is an opportunity to enhance the data stored in the company. When inventorying data, an analysis can be conducted in order to make the best use of the information available and to improve the company's ability to make relevant decisions in its activity.
How can we help you prepare?
Our multidisciplinary team of experts in cyber security and data privacy, change managers, lawyers and business managers can help you understand the impact of the GDPR on your company and prepare a compliance action plan that considers all aspects (legal, human, process, business and technological) and generates value for your business.
Examples of tasks we can perform:
- Assessing the impact of data protection (DPIA) on your business
- Inventory of flows of all personal data processed and classification of confidentiality
- Assessing the maturity of data protection and its impact on business processes, projects, systems and business
- Implementation of a data protection program (ISO 27001, NIST, …) in order to take appropriate information security measures to ensure the confidentiality, integrity, availability and resilience of data processing systems and services
- DPO-as-a-service: taking over the role of the Data Protection Officer in an organisation in line with GDPR requirements
- Legal analysis of compliance with data protection legislation
- Drafting of legal documents: contracts with subcontractors, contracts with customers, general conditions, privacy rules, …