Privacy

Since 25 May 2018, the General Data Protection Regulation (GDPR) has been in force. Projective Group helps organisations to comply with these privacy and data protection regulations.

GDPR

Compliance

Every company processes personal data (sometimes unknowingly). All types (or categories) of personal data have their own requirements when it comes to security measures, retention periods, etc. The GDPR sets out a large number of rules regarding the protection and processing of personal data. We help organisations meet the legal requirements in a practical way by implementing them in policies, procedures and processes. 

Our privacy experts have a thorough knowledge of these legal requirements, as well as market best practices. We take a pragmatic approach, looking closely at your business and the proportionality of the measures to be implemented. 

Privacy Quick Scan

The starting point of our services is often a Privacy Quick Scan, also known as a Privacy Baseline Measurement. This is where we determine the extent to which an organisation is compliant with data protection laws and regulations. We then identify what steps are needed to comply with all applicable requirements. A Privacy Quick Scan consists of the following steps: 

  • Systematically outlining the regulatory framework and identifying the legal requirements with which your organisation must comply; 
  • Identifying current policies and procedures; 
  • Identifying and analysing the gaps; and 
  • Creating an action plan of concrete measures to address the gaps. 

Privacy Policy

As a data processor, you are required to have a privacy policy that sets out how the organisation complies with the GDPR. In this policy, you should consider the nature, scope, context and purpose of the data processing. Our privacy specialists can help you draft, review or revise your privacy policy. 

In addition to the privacy policy, other (policy) documents are required to comply with the GDPR. Think of a Data Processing Register and a Data Processing Agreement. We can also help you draft or review these documents. In this way, we help companies to establish data protection in a controlled and verifiable manner.

Data Protection Impact Assessment 

Part of GDPR compliance is conducting a Data Protection Impact Assessment (DPIA). The DPIA helps you to identify the privacy risks of new or changed data processing in advance, so that you can take measures to mitigate them. Under the GDPR, a DPIA is mandatory if a data processing operation is likely to pose a high privacy risk to data subjects. Our privacy specialists will help you determine whether a DPIA is required and if so, assist you in conducting it. 

Assessing data leaks and data breaches  

As an organisation that processes personal data, you are required to report a data leak or data breach to your Data Protection Authority if it is likely to have a serious adverse effect on data subjects. In some cases, the data subjects themselves must also be notified. In addition, you must document all data breaches, even if they were not required to be reported to the authorities. 

Deciding whether or not to report a data breach can be difficult. It requires a consistent assessment that can be easily recorded and reproduced. We can help you to:

  • Analyse the incident; 
  • Assess whether a data breach has occurred; 
  • Assess the severity of the breach; 
  • Advise on whether notification is required; 
  • Report and record the breach; 
  • Prevent recurrence. 

External Data Protection Officer & Privacy Officer  

Within an organisation, management is responsible for handling personal data and ensuring compliance with the GDPR. The management may be assisted by two officers.

For some organisations, the appointment of a Data Protection Officer (DPO) is mandatory. In practice, organisations often choose to appoint a DPO as an independent overseer of GDPR compliance, even if this is not required. In addition to the second-line role of the DPO, there is also the first-line Privacy Officer (PO). This officer assists the organisation with tasks such as drafting and maintaining policies, assessing data breaches and conducting data protection impact assessments (DPIAs).

Does your organisation lack an internal DPO or Privacy Officer? Do you need support in your current role or temporary additional capacity? Our privacy specialists can fulfil the role or provide assistance in a professional and practical manner.

There is often confusion about the difference between a privacy officer and a data protection officer. What is the difference between the two roles and which one is right for your organisation?