
Data Protection

General Data Protection Regulation

The General Data Protection Regulation will come into force on May 25, 2018.

What is the goal of the General Data Protection Regulation (GDPR)?


The GDPR is based on the fundamental right of data privacy and personal data protection. It is focused on providing better protection to all residents of the European Union by harmonising the protection of personal data in all 28 Member States. By strengthening the legal framework for the use of individuals' data, this regulation aims to boost consumer confidence in new technologies and enable the better development of the digital economy.

Who will the GDPR affect?

The scope of the GDPR, defined in Articles 2 (Material scope) and 3 (Territorial scope), is much broader than that of Directive 95/46/EC, which was implemented in October 1998. The Regulation introduces the rule of extraterritorial application of European law, and subcontractors are now directly affected by the regulation.

Previously, adherence to the guidance provided by the Directive was not mandatory, and each EU Member State could implement it as it saw fit. The Regulation, however, now applies a standard requirement to all impacted parties, regardless of location, provided that the data in question directly relates to EU residents.


Are you affected by GDPR? Take our test to find out

The GDPR will require individuals to:

  • Create the role of a Data Protection Officer, responsible for managing the data protection system

  • Define data collection, data processing, storage, transfer and deletion processes

  • Create a data breach notification process

  • Obtain explicit consent from the client when collecting data

  • Strengthen a person's right to access their data and their right to have it removed

  • Increase awareness and conduct training on data protection for any person involved in handling personal data.

GDPR Non-Compliance consequences

Sanctions can be:

  • In the case of a minor breach: a simple reminder.

  • In the case of a more serious breach: an administrative fine. This administrative fine can reach up to 4% of a company's turnover, thus requiring constant alertness in the processing of personal data.

  • The fine will take into account the nature, seriousness and duration of the infringement as well as the intentional nature of the breach and any other mitigating circumstances.

In addition to the financial penalties, there is the risk of harming the company’s image with its clients.

How ready are you for GDPR?

Use our diagnosis tool for a high level review of your data protection practices and assessment of your level of compliance with GDPR.

This tool covers the 12 key themes of the GDPR regulation:

  • Governance and Policy

  • Responsibility

  • Training

  • Customer rights

  • Privacy by design/Privacy by default

  • Storage and deletion of data

  • Security and Incident Management

  • Subcontracting

  • Impact analysis of data protection

  • Transfers

  • Statistical treatments

  • BCR/Internal business rules

Sia Partners Expertise

Our experts can help you achieve GDPR compliance using our 4-step approach:

Our Experience

Having globally assisted and advised both Tier 1 international banks and multinational organisations on a wide range of GDPR projects, Sia Partners is well positioned to support you in your compliance with the GDPR.

Want to know more or talk to one of our experts?