A Personal Data Protection Program is developed to achieve compliance with the General Data Protection Regulation.
The service includes the development of Personal Data Protection Policies and Procedures, checks of compliance with the Regulation, Data Protection Impact Assessment (DPIA) and training on personal data protection issues.
Specifically, a Personal Data Protection Program, based on the requirements of the new Regulation, includes:
• Assessing the current state of the organization in terms of information security and protection of personal data
• Identifying the different types of personal data and the business units that hold personal data, and recording how the data are collected and managed
• Creating files and registers, personal data flow charts, and Policies and Procedures
• Managing the Partners in order to confirm their compliance with the Regulation
• Performing a Data Protection Impact Assessment for each activity that involves a high risk for personal data
• Carrying out Risk Assessment and Treatment (Technical & Organizational Measures) and a Compliance Plan
• Training and Awareness of the organization's staff regarding the Protection of Personal Data
• Compliance Audit
The benefits of the service for an organization are:
• Compliance with the Regulation and avoidance of exposure to the very high fines it imposes (4% of the global annual turnover or € 20,000,000, whichever is higher)
• Competitive advantage, as the Regulation requires each Data Controller to confirm that its Data Processors are also compliant with the Regulation
• Creating a culture of personal data protection for all employees
• Identifying and Managing Risks to the Privacy and Freedoms of Individuals