- Data sharing/supplier contracts to ensure GDPR compliance on data transfers
The GDPR provides a set of new transfer mechanisms, including approved codes of conduct, certification mechanisms, seals and marks as an appropriate safeguard for data transfers. However, they must be provided in conjunction with binding and enforceable commitments of the recipient controller or processor in the third country. Transfers of personal data to a third country are prohibited unless an adequacy decision, appropriate safeguard or derogation can be applied. 'Third country' in GDPR terminology often means any country or territory outside the EEA. The new "Privacy Shield"/Safe Harbor mandates are relevant with regard to international data transfers, primarily to the USA.
- EU data protection law (GDPR) is a new era for corporate IT, Cyber and Data foundation. Part I of II
An introduction to the main components of the GDPR legislation, addressing issues such as conditions for processing employee data, restrictions on the rights enjoyed by data subjects or the need to appoint a data protection officer. In future, it is a criminal offence if the leak of personal information is due to a hacker, and this is part of an enhanced sanctions regime.
- GDPR reveals the new role and responsibilities of data controllers and processors
Under the current data protection regime (1995), data protection obligations are predominantly applied to the Controllers, i.e. the entities which determine the purpose, extent, protection and responsibilities of processing the data. In future, the Processor will have additional responsibilities under the GDPR. For example, the processor will have to assist the controller in determining which security measures are appropriate. The processor will also need to provide the controller with the information necessary for demonstrating compliance and will be required to assist with data audits.
- GDPR is a vital Change Management discipline
If lawyers and consultants implemented GDPR as a project, while the rest of the company carried on with business as usual, there would not be a need for a change process to implement GDPR. If management commitment is an issue, use the fines and share price impact. However, the right change processes can help clean up IT and data, develop business growth and streamline processes.
- How to challenge Compliance issues while implementing GDPR in the organisation?
The How aspect addresses the need to understand how the data was acquired in the first place, and the training to detect and report the unusual and the suspicious that will challenge Compliance. It is, therefore, the knowledge from The How investigations (the manner, the methodology and the framework) that can challenge Compliance while implementing GDPR.
- The effect of GDPR risks on the corporate reputation
The business reputation is the perception of stakeholders about the company's past and future ability to deploy its strategy to meet their expectations. Managing and forging this internal and external trust enhances the perceived quality of services, attracts talented leaders and business partners, improves performance, allows access to capital, creates differentiation, delivers sustained earnings, and increases the market value. The reputation is the final consequence of how the ethical values have permeated the corporate culture so as to be visible to stakeholders. Corporate values need to be more than self-proclaimed to improve the image perceived by stakeholders.
- The EUGDPR Institute helps organisations to comply with the new era in privacy regulation with regard to GDPR audits, assessments, training and certifications
- Consent the GDPR way is free, accurate, informed and unambiguous approval to process personal data