The EU General Data Protection Regulation 2016/679 (GDPR) will take effect on 25 May 2018. This regulation will revolutionize the way we approach the protection of individuals’ privacy. It is not simply a matter of far-reaching changes to data protection regulatory requirements; it also imposes serious consequences, including heavy fines (up to EUR 20 million or 4% of annual turnover) and civil liability for infringements.
Implementing the GDPR requirements is an interdisciplinary undertaking involving many areas: legal, compliance, IT, security and business. It is therefore vital not only to conform to those requirements on 25 May 2018, but also to ensure compliance afterwards. This necessitates introducing changes to IT systems and business processes, implementing contact procedures and mechanisms for dealing with data subjects and the regulatory authority, and optimizing the company’s organizational structure.
To support clients in the GDPR area, we provide both comprehensive advice (as the leader of the implementation project) and legal support of limited scope at a particular stage. Among other things, we can provide: assistance in conducting the inventory and establishing a map of data processing processes; identification of gaps in the processes and IT systems; assistance in addressing the gaps and implementing the GDPR requirements; preparation of the necessary documentation; and design of an internal system for managing compliance with the GDPR requirements (Data Protection Inspector, consultancy mechanisms, internal training, updating and adaptation to changes).