About GDPR

The General Data Protection Regulation (GDPR) shall replace the 1995 General Data Protection Directive and apply directly in each of the 28 EU member states.

Get Started

What is GDPR?

The General Data Protection Regulation (GDPR) was adopted by the EU in April 2016 and replaced the EU Data Protection Directive 95/46/EC.GDPR will be a mandatory legal requirement for all companies operating in the EU from 25th May 2018. There are clear requirements for processing personal data in a fair and consistent manner. The GDPR brings harmonization across the EU regarding data privacy.

Key Considerations:

  • A mandatory Data Protection Officer (DPO) for companies that processes Personal Data or monitor data subjects regularly and systematically, on a large scale and as part of their core activities.
  • The requirement to prove that adequate Technical and Organizational measures are in place to protect Personal Data.
  • Increased transparency to individuals about processing activities. Consent from the data subject to must be unambiguous and affirmative.
  • The “right to be forgotten” for individuals who no longer want their data processed, in the absence of legitimate grounds for the data controller to retain the information.
  • A right to data portability to enable individuals to transfer their data between service providers.
  • Privacy by design as default in setup and management of systems and organizational processes.
  • Privacy Impact Assessments prior to any processing which may result in a high risk for the rights and freedoms of individuals.
  • Accountability in the form of demonstrable compliance with the Regulation.
  • Data Processors processing on behalf of data controllers must also fully comply with the requirements of the Regulation.

  • Need for getting accredited to GDPR Compliance:

  • Mandatory requirement from the 25th May 2018
  • Client Demand: All clients from Public and Private sector will expect their Supplier to be compliant with GDPR
  • Heavy Fines and Legal Action: Administrative fines of up to 4% of global turnover or 20 million Euros (whichever is higher) for companies that breach the requirements of the Regulation. Possibility to file class-action lawsuits against data controllers/processors for breaches of the Regulation. Reversal of burden of proof in lawsuits against data controllers/processors
  • Compensations: Right for compensation by individuals for damages resulting from violations of the Regulation by a controller or processor

  • Our Service Offerings

    • Privacy Impact Assessments: Conduct organisation-wide Privacy Impact Assessments including Process Mappings and Data Discovery
    • Data Protection Officer Services: achieve and maintain GDPR compliance, deal with day to day Data Privacy issues, represent organisation while dealing with the third parties and regulators
    • Implement Technical and Organisational Measures: Cyber Essentials / Cyber Essentials Plus Certification body and ISO27001 Lead Auditors who shall help organisations to implement and prove the required Technical and Organisational measures
    • Supplier Management: Improvements in the supplier contracts to address GDPR requirements. Closely monitor and improve Supplier performance for data processing activities
    • Incident Management Services: improve breach handling, reduce organisation impact and comply with GDPR requirements

    GDPR consultancy approach

    • Engagement: After the pre-assessment scoping call, all relevant documentation is sent to the client with adequate guidance notes
    • Assessment: A combination of onsite and offsite assessment is conduct to assess the gaps and to finalise the best approach for the certification. Product gap assessment report and suggested project plan for gap remediation
    • Gap remediation support: As per the client need to provide bespoke consultancy and delivery to address the gaps.
    • Compliance Health Check: On an ongoing basis ensure compliance is maintained through regular and specific assessments
    • Liaise with the Supervisory Authority: Be the Single Point of contact with the supervisory authority (the ICO for the UK) for GDPR related issues

    Baseel Limited

    Insight >> Integrity >> Impact >>