THE GDPR IS UPON US: ARE YOU READY FOR THE REVOLUTION?

May 25th 2018 will mark the start of a new era for the protection of personal data and the laws that regulate processing by Public and Private Organisations. This is the date, in fact, when the General Data Protection Regulation (better known as the GDPR) (EU 2016/679) will come into effect.

The GDPR introduces new rights, responsibilities, duties and measures, but above all it imposes on companies a new organisational model that treats the handling of personal data as part of the production process. This model is aimed, on the one hand, at ensuring greater protection for users’ personal data and greater control over the information concerning them, and on the other at providing Public and Private Organisations with guidelines and definite, shared tools for processing such information safely and transparently, gaining the greatest possible business benefit without damaging the user’s privacy.

To help Public and Private Organisations comply with the GDPR within the timescales provided for in the new Regulation, Net Service offers a structured service in phases that starts with a census of the processed data, an analysis of the company processes involved and an evaluation of the client’s needs, and then continues with tangible support while implementing the required modifications.

Approved by the European Parliament in April 2016, the GDPR will absorb current European and national legislation on Privacy, which is no longer suited to ensuring transparent handling of information in the Internet and Big Data era.

The legislation has a dual goal: on the one hand, harmonising the privacy and information confidentiality laws of all the European countries, and on the other ensuring greater transparency and security for the User in the handling of sensitive data processed by Public companies and bodies.

This is a first important milestone for the standardisation of European privacy policies, which all those handling personal data must abide by, updating their own company processes, IT infrastructures and marketing activities before the legislation comes into force.

The General Data Protection Regulation (GDPR) introduces a new framework of obligations and measures, effective in all business scenarios and applicable to both the public and private sector, which must be observed by Organisations with offices within the European Union, and also by non-EU Organisations that offer services and/or conduct monitoring activities within the EU.

The legislation is for all those subjects and Organisations in the public and private sector that must handle third party personal data - whether relating to employees, clients, students, users or suppliers - as a part of their activities.

The Regulation also introduces the principle that European Union law applies to the handling of personal data that has not been processed within EU territory. This is the case when the data is connected to the offer of goods or services to EU citizens or to the monitoring of their conduct.

Applicability of the regulations therefore depends on the nature of data processing and no longer on the place where the Data Processor is based or on the size of the company.

With the GDPR, privacy becomes a company process to be managed in every single phase, an inherent element that is the basic requisite of any processing activity. This means that companies will require a new organisational model and new procedures. Personal data will have a value, becoming a development engine and driving force for the new emerging economy.

Therefore, the nature of the information provided and the ways in which consent can be obtained for the handling of personal data change, becoming more understandable and easier to access, and new tools, procedures and professionals are introduced in order to increase protection for the handled data, aid transparency and prevent or manage the risks coming from cyber attacks.

Sanctions will also be more severe in the event of violation, and the management and transfer of EU citizens’ personal data are regulated for the first time, even when processed outside the European Union.

Therefore, in summary, the new European General Data Protection Regulation provides for an increase in users’ rights as well as in the measures to be adopted by organisations and the Data Processors’ obligations. Below is a summary of the principles:

GDPR: USE NET SERVICE

With twenty years’ experience in the IT sector, Net Service has developed a specific intervention method to help its clients on their path towards the GDPR.
This is a GDPR compliance process split into three modules (Technological Compliance and Data Governance, Legal Support and Advisory Service and Bringing Marketing activities up to standard), which accompanies the companies and bodies involved while managing the necessary changes to methods and infrastructures for adapting to the new European regulations on privacy.

A GDPR compliance service guaranteed by certified skills in the application, infrastructure and legal fields, which are used for a customised approach, open to collaboration with technological partners, that provides for both the integration of Cyber Security and Data Management best practices and the use of international standards, with the ISO 27001 and ISO/IEC 29134/2017 frameworks. All this to ensure modular, effective and flexible solutions for our clients.

Data auditing and a tailor-made operational plan that starts with the definition of the analysis parameter and the assessment of the requesting company or body’s organisational model, and then continues with creation of the type of service depending on their actual needs. Net Service will guarantee the presence of skilled personnel, in particular:

  • Process expert
  • IT security expert
  • Legal expert on GDPR

These professionals will be assisted by support structures such as the Legal and regulatory competence centre, the Cyber Security Centre and the certified ICT provision structure, and by support tools, i.e. tailored software and applications that comply with GDPR.
The aim is to provide the client with a more efficient, streamlined and legally compliant organisation and greater security with regard to the organisation’s information assets and the sensitive data belonging to the users involved in processing.
