GDPR is a piece of legislation issued by the European Commission that sets forth guidelines which companies and entities must observe to assure the security and privacy of Personal Data.
Personal Data (name, email, IP addresses, information collected by “cookies”, religion, medical history, social security number, bank account number, and other data) is the sole property of the individual (the natural person to whom it pertains), who is defined under this Law as the “Data Subject”.
Having Personal Data shared with or made available to third-party entities or individuals without a lawful basis constitutes a legal breach under GDPR, because such Personal Data may put the Data Subject at risk.
Risk derives from the potential threat involved (the potential negative impact on the individual) weighed against the probability that third parties take an interest in such Data. Hence, while knowing merely the email address of a given individual may represent a low risk of negative consequences for that person, adding other Personal Data such as residential address, medical history, bank account number or similar raises that risk exponentially each time new Personal Data becomes widely available, thereby enabling unauthorized processing.
GDPR applies to any entity or company, regardless of its geographical location, as long as it collects, accesses, stores, processes or shares Personal Data of Data Subjects who reside in the European Union (whether citizens, expats or visitors). Companies are advised under the law (Article 35) to undertake a Data Protection Impact Assessment (DPIA), which allows them to map their IT landscape and operational processes/contracts against the requirements posed by this Law.
During such a DPIA the company shall identify any non-conformity points and define clear, concrete and scheduled actions to mitigate such “deviations”, transforming non-compliant points into a compliant Mode of Operation (MO).
One key factor lies in human resources: no company can achieve a compliant MO unless the staff who deal with Personal Data are aware of WHAT to do and WHAT NOT to do while handling Personal Data within (as well as outside) the scope of their operational tasks. Therefore, training staff and recording their degree of awareness through individual tests is a key step towards achieving and documenting compliance.
AMS Experts Services for GDPR:
- IT Landscape Audit and Consulting
- Processes Audit and Consulting
- Partner contracts Audit and Consulting
- DPO (Data Protection Officer) support, as required by law for non-EU based companies
- Expert legal advice on GDPR (this does not collide with your current lawyers’ support; it is, in fact, a complementary expertise offering, which must be aligned with your corporate legal support)
For more information, contact AMS Experts’ GDPR Support