With the anticipated EU General Data Protection Regulation (GDPR) that will be effective from May 25th, companies and organizations handling personal data of EU subjects will face relevant challenges related to the collection, processing and sub-processing, transfer, storage and any other use of such data. There is no need to turn over every stone to recall that non-compliance with the GDPR can determine sanctions up to 20 million euros or 4% percent of annual global turnover (whichever is higher). Further to these kind of sanctions, the knowledge of investors and potential consumers of an infringement procedure can bring businesses to their knees.
PrivacyRules is the first and unique global one-stop-shop for GDPR compliance. The capabilities of our alliance encompass integrated legal / technical / data related services expertise, which affords A / Z – 360° assistance to secure clients’ business and reliability.
PrivacyRules gathers top-ranked European and International experts, many with world-renowned records on the multiple aspects that the Regulation addresses, who can assist on any component of the GDPR from the preparedness to the non-compliance procedures. Considering the different stages of readiness in which companies may find themselves, the alliance’s members and network affiliates will ease comprehension and implementation in every step of the GDPR requirements simplifying the management of otherwise very complex procedures.
A glimpse of PrivacyRules members’ GDPR guidance and services
(US Member) Frost Brown Todd’s Data Privacy Detective Podcast series delves into information security and safeguarding data privacy. This link features latest episodes and options to subscribe: FBT Privacy and Information Security LawTags: non-EU business, consent, processing, personal data, controller, processor
(UK Member) ShakespeareMartineau proposes a simple guide on the 5 initial steps towards GDPR compliance available here.Tags: compliance
(Finnish Member) Lexia elaborates on the challenges between privacy and transparency posed by the GDPR and the Markets in Financial Instruments Directive (MiFID II) in a blog available here, on correct data use here, on the application of the GDPR to data housing companies here.
(Tech Member) EclecticIQ offers a GDPR Due Diligence Recap here
Tags: HR professional, consent, charities, transparency, MiFID II, data use, processing, housing companies, diligence
(Japanese Member) Iwata Godo regularly lectures in Japan on the latest trends in handling practices under the GDPR regime as relevant for non-EU business. The calendar can be found here.
(Italian Member) R&P Legal workshop on the GDPR at the Japanese Chamber of Commerce and Industry in Italy (CCIGI). Further information can be found here.Tags: non-Eu, Japan, compliance, strategy, adequacy decision
PrivacyRules and the Privacy and Information Security Law Practice Group at Frost Brown Todd LLC (US Member of PrivacyRules alliance), have co-authored a paper on EU data privacy law: LINK
The paper has also been discussed in a joint Data Privacy Detective Podcast - Episode 22: https://www.fbttechblog.com/data-privacy-detective-podcast-episode-22-gdpr-non-eu-businesses
The GDPR tailored assistance that PrivacyRules can provide at national and international level, in cooperation with its members and affiliates, includes:
• Assessment of and revision of procedures related to personal data handling
• Preliminary evaluation of GDPR compliance
• Provision of GDPR checklists modelled on clients’ business or activities
• Provision of instruments for personal data mapping to identify intranet-internet fluxes of data throughout different processes, avoiding risks by increasing compliance through an efficient control management including Data Protection Impact Assessments (DPIAs) and risk minimization policies and procedures
• Design of GDPR compliance policies and framework reviews, defining and establishing policies, standards and procedures to sustain clients’ senior governance, personnel procedures and market processes
• Strategic support with data protection-by-design commitments, defining and implementing all relevant provisions ensuring full and dynamic GDPR compliance
• Compliance in potentially vulnerable dimensions such as cloud-based data processing services or social networking services
• Advise on legal and technical aspects related to cross-border implementation of employee monitoring, outsourcing of human resources databases, and whistle-blowing schemes
• Training targeted to companies’ needs and for any rank of personnel (lead management, DPOs, staff involved in any stage of data cycles), integrating sophisticated legal and technical expertise. PrivacyRules training capabilities include continued educational assistance at any stage of the evolution of the GDPR application or interpretation by relevant authorities
• Multilingual and multi-disciplinary webinars and seminars
• Provision of guidelines, alerts and information relevant for privacy data protection matters
• Security assessments to build the perfect technical and legal compliance and data protection architecture. Security assessments are studied with consideration to third parties’ interactions with clients’ operations (sub-contractors, sub-processors, etc.)
• Gap analysis, data mapping, and audit reports on legal / technical security compliance suggesting personalized and innovative solutions and upgrades
• Analyze and implement data breach prevention and response capacity, with a special mechanism for legal / technical data breaches assistance. Test and implement breach response plans, provide guidance to senior managers / DPOs / CTOs and drive affected clients through the fair processing of notices and on the interaction with DPAs nationally and internationally
• Review of data sharing contracts
• Assistance on international data transfers
Irrespective of the client’s data governance framework (EU-US Privacy Shield, binding corporate rules, contractual clauses, etc.) PrivacyRules can provide continuous and wide-ranging assistance on data protection worldwide thanks to an unrivalled alliance of leading cybersecurity and privacy law firms