GDPR – Baseel Ltd

About GDPR

The General Data Protection Regulation (GDPR) shall replace the 1995 General Data Protection Directive and apply directly in each of the 28 EU member states.

What is GDPR?

The General Data Protection Regulation (GDPR) was adopted by the EU in April 2016 and replaced the EU Data Protection Directive 95/46/EC.GDPR will be a mandatory legal requirement for all companies operating in the EU from 25th May 2018. There are clear requirements for processing personal data in a fair and consistent manner. The GDPR brings harmonization across the EU regarding data privacy.

Key Considerations:

A mandatory Data Protection Officer (DPO) for companies that processes Personal Data or monitor data subjects regularly and systematically, on a large scale and as part of their core activities.

The requirement to prove that adequate Technical and Organizational measures are in place to protect Personal Data.

Increased transparency to individuals about processing activities. Consent from the data subject to must be unambiguous and affirmative.

The “right to be forgotten” for individuals who no longer want their data processed, in the absence of legitimate grounds for the data controller to retain the information.

A right to data portability to enable individuals to transfer their data between service providers.

Privacy by design as default in setup and management of systems and organizational processes.

Privacy Impact Assessments prior to any processing which may result in a high risk for the rights and freedoms of individuals.

Accountability in the form of demonstrable compliance with the Regulation.

Data Processors processing on behalf of data controllers must also fully comply with the requirements of the Regulation.

Need for getting accredited to GDPR Compliance:

Mandatory requirement from the 25th May 2018

Client Demand: All clients from Public and Private sector will expect their Supplier to be compliant with GDPR

Heavy Fines and Legal Action: Administrative fines of up to 4% of global turnover or 20 million Euros (whichever is higher) for companies that breach the requirements of the Regulation. Possibility to file class-action lawsuits against data controllers/processors for breaches of the Regulation. Reversal of burden of proof in lawsuits against data controllers/processors

Compensations: Right for compensation by individuals for damages resulting from violations of the Regulation by a controller or processor

Our Service Offerings

Privacy Impact Assessments: Conduct organisation-wide Privacy Impact Assessments including Process Mappings and Data Discovery
Data Protection Officer Services: achieve and maintain GDPR compliance, deal with day to day Data Privacy issues, represent organisation while dealing with the third parties and regulators
Implement Technical and Organisational Measures: Cyber Essentials / Cyber Essentials Plus Certification body and ISO27001 Lead Auditors who shall help organisations to implement and prove the required Technical and Organisational measures
Supplier Management: Improvements in the supplier contracts to address GDPR requirements. Closely monitor and improve Supplier performance for data processing activities
Incident Management Services: improve breach handling, reduce organisation impact and comply with GDPR requirements

GDPR consultancy approach

Engagement: After the pre-assessment scoping call, all relevant documentation is sent to the client with adequate guidance notes
Assessment: A combination of onsite and offsite assessment is conduct to assess the gaps and to finalise the best approach for the certification. Product gap assessment report and suggested project plan for gap remediation
Gap remediation support: As per the client need to provide bespoke consultancy and delivery to address the gaps.
Compliance Health Check: On an ongoing basis ensure compliance is maintained through regular and specific assessments
Liaise with the Supervisory Authority: Be the Single Point of contact with the supervisory authority (the ICO for the UK) for GDPR related issues