Compliance with GDPR

Since May 25, 2018, the European Union's personal data protection regulation (GDPR) applies to any organization, established in the EU or anywhere in the world, that processes the personal data of data subjects when offering them goods or services or when monitoring or tracking their behavior. This regulation affects how data relating to customers, users, partners, staff and other data subjects is managed, including the storage, processing, access, transfer and disclosure of physical data records.

Personal data collection, profiling and marketing technologies have reached a level at which GDPR measures have to be implemented, recognizing the human right to confidentiality, in order to maintain confidence in the digital economy and the privacy of people.

Companies need to become familiar and comfortable with common data protection concepts and understand the role of the corporation with respect to privacy, law and security in the processing of personal data.

Preconditions

In order to meet the requirements of the regulation, companies should plan the steps to be taken, building on the conditions established so far under the requirements of the GDPR, ORDINANCE № 1 of 30.01.2013 on the minimum level of technical and organizational measures and the acceptable type of protection of personal data, and assess their readiness for the further changes that need to be in place after 25 May 2018.

Preparatory activities

A corporate vision for GDPR compliance activities can be formed by engaging external consulting services or by building up corporate competences on the subject, that is to say, with one's own resources. Both options rely on knowledge of the spirit and the letter of the regulation, but the latter explicitly entails continuous training of the employees, the Data Protection Officer and the data processors.

Experience with such organizational and technological transformations demonstrates the need for prior training of the senior expert echelon in companies, as these employees are able to drive the processes through which the requirements of the regulation can be implemented.

The cycle of courses offered by “Virtual Systems” Ltd. is designed for the training of:

  • senior management experts who are responsible for bringing organizations in line with the GDPR, the Data Protection Officer (DPO), personal data processors and data controllers;
  • specialists who develop information and communication technology (ICT) security strategies in organizations, and technical staff responsible for security incidents;
  • system administrators who configure security and maintain networks, operating systems and all other active devices in the information and communication technology environment;
  • software developers who design, program, test and deploy information systems on a regular basis.

The scope of the topics includes a set of lectures and practical exercises on the GDPR and the knowledge necessary for its in-depth comprehension, as set out in the regulation itself in the competence model of the DPO:

  • asset management, data accountability, ICT configuration management;
  • the risks of violating data subjects’ security incidents;
  • cyber security of ICT, the activities of computer incident response teams;
  • regulatory framework: GDPR, delegated documents, legal peace cases; creation and maintenance of a set of documents through which the continuous compliance process is managed; re-use of the achieved compliance with other standards such as ISO 27xxx or PCI-DSS.