It is worth starting GDPR preparation with a preventive audit so that possible shortcomings can be identified. Without knowing these shortcomings, preparing effectively for the GDPR is not possible.
Briefly about GDPR
- The GDPR was created to provide uniform legal certainty for EU citizens and to guarantee the free and reliable flow of personal data between Member States.
- The regulation has applied since 25 May 2018.
- Fines for breaching its provisions may reach €20 million or 4% of total worldwide annual turnover, whichever is higher.
- The areas covered by the rules include, for example, the protection of the fundamental rights of data subjects, compliance with the principles of personal data processing and the obligation to notify personal data breaches.
What are the GDPR requirements for companies?
- Data protection by design and by default – Companies must be able to demonstrate that they have implemented appropriate technical and organisational measures to ensure lawful processing.
- Records of processing activities – Companies must categorise the personal data they process and keep records of their processing activities.
- Data Protection Officer – A Data Protection Officer must be appointed where the regulation requires it (public bodies, and organisations whose core activities involve large-scale regular and systematic monitoring of data subjects or large-scale processing of special categories of data).
- Data Protection Impact Assessment – Where processing is likely to result in a high risk to data subjects, a data protection impact assessment must be performed.
- Breach notification and recording – Personal data breaches must be recorded, and the supervisory authority must be notified within 72 hours of the company becoming aware of the breach, unless the breach is unlikely to result in a risk to data subjects.
- Government Decree 42/2015 on protecting the information systems of financial institutions, insurance undertakings, reinsurance undertakings, investment firms and commodity dealers
- Decree 41/2015. (VII. 15.) BM of the Ministry of Interior on the technological security requirements, the requirements for secure information devices and products, and the requirements for classification into security classes and security levels under Act L of 2013 on the Electronic Information Security of State and Municipal Bodies
- Act L of 2013 on the Electronic Information Security of State and Municipal Bodies, which sets the security requirements for national electronic data assets forming part of the national assets, the related information systems, and critical information systems and system components
- Reputational damage avoided
- Data assets thoroughly assessed
- Fines avoided
Support package for GDPR preparation
Who is covered by the European Union General Data Protection Regulation (GDPR)? If even one of the points listed above applies to your company, the GDPR applies to you.
Not every company needs comprehensive data mapping and risk analysis consulting.
GDPR preparation and the drafting of the relevant rules may be carried out gradually, relying on your own resources, while still achieving a high level of compliance.
The support package for GDPR preparation is a compilation of documents with process descriptions, rules, checklists, an action plan and training contents supporting the preparation.
The package has been developed for companies with the following characteristics:
- due to their size, they have a clear overview of the business activities that involve the processing of personal data
- their budget does not justify complex data mapping and consulting projects.
All you have to do is…
follow the detailed instructions, implement each element of the package, and adapt the Excel and Word documents in it to the characteristics of your company. The package includes only the templates you will actually need. We have drawn on the results of our numerous successful consulting projects to prepare these templates, so the collection can be a real help in redefining the data processing of an organisation with a simple structure and in creating the company's own rules, and thus in preparing for the application of the General Data Protection Regulation.
- GDPR preparation relying on your own resources can be carried out at a high level
- Help in creating the relevant rules
- Detailed instructions for the contents of the package
- Fast, easy and cost effective
- A solution that takes into account the specific characteristics of small- and medium-sized enterprises
- Complete and customisable materials
Our package offer includes the following elements:
- Table of contents, list of attached documents and their brief description
- Getting started, a quick preparation guide
- Full text of the EU regulation
- GDPR guide for managers
- Questionnaire, checklist
- Action Plan
- IT security policy
- Data Protection Officer: guidelines, job description
- Sample contract between data controller and data processor
Regulations and procedures
- IT security regulations
- Risk analysis procedure
- Data management procedure
- Data protection impact assessment procedure
- Access management
- Data backup procedure
- Incident management procedures
- Data request and complaint management
- Training and rules of computer use
- Audit procedure
- Business Continuity Plan (BCP)
- Privacy impact assessment
- Balancing test (legitimate interests assessment)
- Privacy Incident Management Plan
- CCTV operating rules
- Records of data management activities
- Records on the processing of personal data (data inventory)
- Records of privacy incidents
- Log of requests from data subjects
- Responses to requests from data subjects
- GDPR statement for website
- Data processing consent form
- Data processing request form
- Awareness-raising training related to internal data processing (with test questions)