GDPR Compliance & Data Protection Officer
Since 25 May 2018, every organisation that processes personal data of people in the EU must comply with the European General Data Protection Regulation (GDPR). In practice this means every organisation, since at the very least every company processes the personal data of its own employees. The fines are not insignificant: up to 4% of worldwide annual turnover or EUR 20 million, whichever is higher. Whether supervisory authorities will impose fines of that size remains to be seen. What is certain is that reputation and corporate image suffer whenever a data leak becomes public, and that is a risk you would rather not run.
Some industries are more exposed than others because of the specific sensitive personal data they process. The top 5 are:
A pragmatic approach to implementing GDPR
Even though 25 May 2018 has long passed, many organisations are still not compliant. This is largely because the law is abstract and open to interpretation. Your most important challenge is translating the GDPR rules into specific actions. BDO consultants know how companies think and function, and they help transpose legal texts into an operational plan of action that is bespoke, correct and without overkill: pragmatic, transparent and independent. Keep in mind that the rules do not only have a legal impact; processes and technology must be in place too. That is why a multi-disciplinary approach is required, and why our teams include data privacy specialists as well as ICT security specialists.
Our whitepaper “GDPR: a pragmatic approach” describes how BDO helps companies to become GDPR compliant.
Data Protection Officer (DPO)
Organisations whose core activities involve large-scale processing of special categories of personal data (such as health data) or large-scale, regular and systematic monitoring of individuals must appoint a Data Protection Officer (DPO); public authorities must appoint one in any case. Because of the specific competence requirements, these profiles are hard to find. And since a full-time position is usually not needed, many organisations choose to outsource the function. Our DPO-as-a-service offers a solution in this respect.
Cybersecurity & GDPR
Cyber incidents are one of the main causes of data breaches: an attacker who compromises a system can steal sensitive personal data, and such incidents are expected to become increasingly common.
Good cyber protection is therefore an important component of GDPR compliance. Unfortunately, perfect protection does not exist, the techniques used by attackers are becoming ever more sophisticated, and it is practically impossible to be prepared for everything that might happen. So, in addition to preventive measures, you need measures that let you detect a breach and recover from a cyber attack as quickly as possible. This matters all the more because the GDPR requires a personal data breach to be reported to the supervisory authority within 72 hours of the organisation becoming aware of it, which is only feasible with working detection and incident response processes.
Our cyber security services are therefore often delivered in the context of GDPR compliance, whereby we make sure that the most sensitive personal data are protected in a pragmatic manner, based on the organisation's Data Protection Impact Assessment (DPIA).
Are you a service provider whose services bring you into contact with your customers' personal data? Then your customers have certainly already asked about GDPR and about the measures you take to protect their data. A GDPR certification lets you show your customers that their personal data are in good hands with you. As a service provider, you then have a powerful commercial asset to demonstrate to your customers that you have the relevant risks under control.
How can we assist you?
We can assist you in carrying out the following tasks:
- GDPR assessment: this is usually the first step towards becoming GDPR compliant. In a GDPR assessment, the current situation (AS-IS) is mapped, together with the gap with respect to the GDPR requirements. Based on this, the target situation (TO-BE) and the specific measures needed to reach it are defined, and a pragmatic action plan is drawn up.
- Assistance with GDPR implementation: once the plan has been agreed, its various elements must be carried out at the organisational, IT and legal levels. We can help you implement these elements and take care of the associated project management.
- Data Protection Officer (DPO): we can perform this role for you or assist the internal DPO.
- GDPR certification
A pragmatic approach to implementing the GDPR requirements is essential. If the work is not tackled efficiently, it can turn into a budget-consuming, overhead-creating monster. BDO assures you of a pragmatic and straightforward approach.