General Data Protection Regulation

HOW WE CAN HELP

Gap analysis

Perform a gap analysis of your current system to indicate what must be done to comply with GDPR.

Document drafting

We can draft the necessary consent forms, policies, and procedures.

Data Protection Officer

Act as your organisation's Data Protection Officer (a new requirement under GDPR).

Requirements

Detailed advice on the requirements of GDPR and DPA 2018.

Implement ISO 27701

ISO 27701 is a potential GDPR certification mechanism and would provide the necessary proof that your organisation treats the personal information of its customers in compliance with the law, including for cross-border data flows.

Accountability and governance

You must be able to demonstrate compliance with the EU GDPR. This includes:

  • Establishing a governance structure with roles and responsibilities.

  • Keeping a detailed record of all data processing operations.

  • Documenting data protection policies and procedures. 

Privacy rights of individuals

Individuals’ rights are enhanced and extended in a number of important areas. Data subjects have:

  • The right to be informed;

  • The right of access;

  • The right to rectification;

  • The right to erasure;

  • The right to restrict processing;

  • The right to data portability;

  • The right to object; and

  • Rights in relation to automated decision-making and profiling.

Six data processing principles

The EU GDPR lists six data processing principles that data controllers must comply with. Personal data must be:

  • Processed lawfully, fairly and transparently.

  • Collected only for specific legitimate purposes.

  • Adequate, relevant and limited to what is necessary.

  • Accurate and, where necessary, kept up to date.

  • Stored only as long as is necessary.

  • Processed in a manner that ensures appropriate security.

Data transfer outside the EU

The transfer of personal data to international organisations and countries outside the EU is only allowed:

  • Where the EU has designated a country as providing an adequate level of data protection;

  • Through standard contractual clauses or binding corporate rules; or

  • By complying with an approved certification mechanism.

Data Protection Officer (DPO)

The appointment of a DPO is mandatory for:

  • Public authorities;

  • Organisations involved in high-risk processing; and

  • Organisations processing special categories of data.

Transparency and privacy notices

Organisations must be clear and transparent about how personal data is going to be processed, by whom and why.

KEY GDPR CONCEPTS 

Start your Journey

Contact us now for a free quote or if you have any questions.