General Data Protection Regulation

GDPR (General Data Protection Regulation), Regulation (EU) 2016/679, is a regulation in EU law on data protection and privacy. It covers the Personal Data, or Personally Identifiable Information (PII), of individual citizens of the European Union (EU) and the European Economic Area (EEA). It also applies when this data is outsourced outside the EU and EEA.

GDPR Compliant

What are the benefits of being GDPR Compliant?

  • The opportunity for customer retention and confidence in EU & EEA regions
  • Better data security practices
  • Opportunity to learn & implement new technology
  • Secured mode of data storage & transfer
  • New rules & rights for individuals/data subjects (consents, data deletion, privacy policy, etc.)
  • Transparency with interested parties on the use of personal data processing
  • Outward business development approach
  • Streamlined client support approach
  • Better handling of personal information of individuals
  • Imposing data minimization on all business processes
  • New job opportunities for DPO & other security roles

Who should be GDPR Compliant?

The regulation applies to the processing of Personal Data in the European Union.

This regulation applies to the processing of personal data in the context of the activities carried out by an establishment in the European Union, whether it acts as a controller, a processor, or both, and regardless of whether the processing takes place within the EU-EEA or outside it. To simplify, it applies to:

  1. Firms located in the EU-EEA
  2. Firms not located in the EU-EEA, if they offer free or paid goods or services to EU residents or monitor the behavior of EU residents

What are the requirements to be GDPR Compliant?

  • Lawfulness, fairness & transparency to Data Subjects
  • Limitation of purpose, data, and storage
  • Data Subject rights
  • Consents
  • Legitimate Interests Assessment (LIA)
  • Personal Data breaches
  • Privacy by Design
  • Data Protection Impact Assessment (DPIA)
  • Data storage & transfers
  • Data Protection Officer
  • Checks on processing activities and personal data inventory
  • Checks on privacy policies and privacy notices
  • Embed data privacy into operations
  • Checks on training and awareness programs
  • Checks on information security risks
  • Checks on third-party risks related to Personal Data
  • Checks on Data Subject Access Request (DSAR)
