The EU General Data Protection Regulation (“GDPR”), which was implemented over a year ago, substantially changed data privacy rules. By now, organisations in the EU or organisations outside the EU which process personal data of EU residents should be in a position to demonstrate that they fulfil the necessary requirements for compliance.
It is particularly important for organisations to increase awareness through training of all stakeholders involved and to assess whether they should appoint a Data Protection Officer (“DPO”) and set up a Privacy Office. The DPO should be able to provide the organisation with day-to-day independent advice in relation to the GDPR.
Additionally, given the focus of the GDPR on accountability, a Data Privacy Impact Assessment should be carried out by organisations in certain circumstances in order to evaluate if specific processing may entail a high risk for the rights and freedoms of individuals.
Of course, the competent regulatory authority plays a crucial role in the implementation and enforcement of the GDPR and corresponding national legislation, as well as the respective guidelines, and should be consulted as appropriate.
Our firm helps SMEs and large organisations in a wide range of sectors to comply with the GDPR, national legislation, and the relevant guidelines of the European Data Protection Board and the local Commissioner for Personal Data Protection. Our associates focus on technology and cybersecurity aspects to cover all angles of the necessary exercise, in line with the rapid shifts in technological disruption. We advise on the appropriate safeguards that must be implemented in the Digital Age, particularly considering the substantial risks and potential consequences involved.
Please do not hesitate to contact us if you require any related advice or support.