
INFORMATION SECURITY POLICY

Changing laws impose new challenges and the need to adapt your company to legal requirements.

One such challenge is GDPR.

GDPR is the General Data Protection Regulation, which came into force in the European Union on May 25th, 2018. Companies in the EU member states have to implement serious changes, and multi-million penalties (up to 20 M EUR or 4% of the annual turnover, whichever amount is higher) will be imposed on non-compliant businesses.

Who is affected by the GDPR?

In fact, it affects all companies that collect and use data on natural persons. These can be both large corporations, for example insurance companies or financial institutions, and small family businesses.

The aim of the regulation is to fully harmonize both EU law and the free movement of personal data. It is intended to allow residents of the European Union to better control their personal data, and to modernize and unify regulations so that companies can reduce bureaucracy and benefit from increased customer trust.

The new law implements, among other things:

  • regulations on data access (providing more information on how the data are processed and accessed in a transparent and comprehensible way)
  • regulations on data transfers (facilitating the transfer of personal data between service providers)
  • regulations on the right to remove data (“the right to be forgotten”)
  • regulations on immediate notification of a hacker attack on data (companies will be obliged to notify the relevant data protection authorities about such attacks within 72 hours)
  • regulations related to pseudonymisation and encryption

We are specialists in preparing both businesses and authorities to implement internal regulations and IT solutions that adapt their technical infrastructure to the requirements of the GDPR.