GDPR compliance journey for the Digital age

 

To receive a brochure or for any additional information

 

In 4 steps, your organization compliance to General Data Protection Regulation - GDPR

General Data Protection Regulation - GDPR

What is GDPR?

In April 2016, The European commission ratified the General Data Protection Regulation – GDPR, which will take effect in May 25th, 2018. The GDPR is a very large and complex piece of legislation consisting in 173 recitals and 99 articles, which cover the capture, control and consent to use personal information.

GDPR builds on the data protection framework currently in force in the EU member states. It adds a significant number of obligations for organizations as well as new rights for individuals. It also expands the territorial scope of its application to organizations established outside of the EU for both data processors and data controllers.

What is the financial impact of not being compliant with GDPR?

The GDPR introduces a tiered penalty system for violations of the many requirements.

Some violations will incur fines up to 4 percent of the company global revenue or up to 20  millions €  for non-compliance.

In addtion, company’s reputation damages will drastically reduce market shares.

What does it mean for the EU Citizens?

GDPR extends the scope of personal privacy laws to protect the data rights of EU citizens:

  • Individuals will have greater control of who has their data, and how it will be used.
  • Organizations must report on data breaches within 72 hours
  • Organizations will be bound by more stringent rules for obtaining consent from individuals on how their data can be used.

How does GDPR impact your organization?

GDPR requirements apply to all business units of the organization such as HR, Marketing, Product Management, Vendor Management, Accounting, Information Security or Service Desk. These requirements apply to the entire lifecycle of the personal data within the organization, i.e. from the collection until the deletion or archiving of the personal data.

Therefore, GDPR means a degree of change for most organizations in terms of:

  1. Processes:  new processes, interfaces with other processes, new ways of working, etc.
  2. Organization: new roles and new responsibilities, communication of new processes, training, coaching, etc.
  3. Data Governance: Compliance transformation ; Data Accuracy, Data integrity and Confidentiality, Data Protection Impact Assessment,  Data Governance solution and integration with existing applications, etc.
  4. Policies: new organization policies, contracts, data processor agreement, privacy notices, etc.

Under GDPR, it’s clear that the responsibility of protecting personal data of customers and prospects falls on the shoulders of your organization.

How to become GDPR compliant?

GDPR address multiple privacy and security issues throughout the lifecycle of personal data.

To be compliant with the GDPR, organizations should be able to answer positively to, at least, the following questions:

  • Does your organization have a legal basis for collecting and using personal data?
  • Does your organization exercise due diligence to make sure the collected data remains accurate?
  • Does your information security framework comply and integrate with security requirements implied by GDPR regarding the confidentiality, integrity and availability of personal data?
  • Is there a process in place to respond to data subjects’ requests for accessing their data within a predefined time?
  • Are you ready to provide data portability?
  • Are data governance requirements in place? (e.g. documentation of the activities, allocation of adequate resources, training of employees, data protection impact assessment, etc.)
  • Does your organization comply with the requirements for cross-borders and overseas data transfers?

Organization must be 100% compliant from day one.

How to start your GDPR journey?

The GDPR journey has four 4 steps:

  • Step 1: Understand & Identify the impact of GDPR within your organization
  • Step 2: Identify & Classify your data by answering the following questions: Where is my data? Who is responsible for the data?
  • Step 3: Define and implement the appropriate level of governance for the project and the day-to-day operations.
  • Step 4: Design and get the right organization in place: An accountable and responsible function within your organization must be established to ensure GDPR compliance.

Why Actoris can help you during your GDPR journey?

While GDPR is clear on what needs to be done, many organizations are struggling with how to do it.

Actoris consultants understand the GDPR challenges, and understand that those require Processes, Policies, Organizational, and Data governance capabilities alignment.

Our methodology focuses on Collaboration, Co-Creation and Agile principles to answer Data Governance and GDPR challenges.

 

Act for  your General Data Protection Regulation - GDPR helps you to:

  • Assess the current state and make a gap analysis.
  • Identify and classify data by understanding how you are using them.
  • Ensure Data Protection Impact Assessments (DPIA) have been executed.
  • Set up the right function within your organization including well trained people on data privacy and data protection requirements.
  • Optimize processes, policies and contracts to ensure GDPR compliance.
  • Being the coordinator between the legal-compliance teams and the technical teams during the project.
  • Select the best technology solutions to classify, manage, control and protect your data.
  • Implement Data monitoring  and Data reporting to prove you are GDPR compliant.

Contact us and quickly receive a detailed quote of the actions needed to start your GDPR journey.