GDPR implementation and DPO service

The gold standard for personal data protection in Europe and worldwide

GDPR is the General Data Protection Regulation for the countries of the European Union (EU) and the European Economic Community (EEC). The regulation imposes stricter requirements on the processing of individuals' personal data.

The GDPR contains advanced principles of and approaches to the protection of personal data and privacy, which formed the basis of the relevant legislation in Japan, South Korea, China, Brazil, Argentina, Chile, etc. The California Consumer Privacy Act (CCPA) also contains many similarities with the GDPR.


Many companies ask two questions:

1. Why should we be guided by the GDPR if the company is not located in the EU or EEC?

There is a reason. One of the features of the GDPR is its extraterritorial nature. This means that its requirements apply not only to companies located in the EU (EEC) but also to any other operators, regardless of their location, that process the personal data of individuals who are data subjects in the EU (EEC). For example, this applies to companies offering goods or services to EU citizens or collecting data and carrying out personalized monitoring of EU citizens' behavior, including recording the IP addresses and cookies of website visitors. If you work with EU legal entities and your interaction involves gaining access to databases of EU individuals, then you and your European partners must also process such data in compliance with the GDPR requirements.

The GDPR principles are internationally recognized. Many advanced countries are guided by them in developing their domestic legislation. Incorporating these principles into your processes will help your company become more competitive, and not only in European markets.

2. What are the risks of non-compliance with the GDPR requirements? Can we be fined for this?

Yes, you can be fined. Depending on the circumstances, the fines reach 4% of the company's annual turnover or 20 million euros. The fine can be applied both to European companies and to foreign legal entities, including those that do not have a representative office in the EU (EEC), and such cases already exist.

It is also important for a foreign company to avoid the risk of being unable to do business in the EU and the loss of reputation. The risks include the blocking of Internet resources that violate European legislation, or your European partners refusing to cooperate because they are easier to fine than you are.

H-X's lawyers, managers, and security engineers will quickly help you understand whether the GDPR applies to your organization. We then analyze your business processes, identify inconsistencies and gaps, develop a technological and legal implementation plan, and implement the measures needed to eliminate the inconsistencies on a "turnkey" basis. This will increase your confidence and competitiveness, as well as the loyalty of partners and customers, not to mention opening new prospects for your business development.

GDPR implementation stages. DPO service

Stage 0. Preliminary – free of charge!

A preliminary analysis of your company’s activities to determine if you need to comply with the GDPR requirements.

We invite you to fill in a questionnaire. We interview your management and specialists and clarify how your business processes are organized. Based on the results, we conclude whether or not you need to comply with the GDPR requirements.

Stage 1. Analytical

Analysis of your company's business processes to define the organizational, technical, and legal measures necessary to bring the company into GDPR compliance.

You fill out a detailed questionnaire. Our representatives interview your management and specialists. You provide us with access to systems, contracts, and other documents for analysis. Based on the results of this work, we give you conclusions on the GDPR compliance or non-compliance of your processes, identify the deficiencies and inconsistencies, and propose organizational, technical, and legal measures to fill the gaps.

Stage 2. Implementation

Implementation of recommendations to eliminate the identified deficiencies and inconsistencies.

Under the supervision of, and with the participation of, our lawyers and technical specialists, the action plan is implemented to eliminate shortcomings and inconsistencies in business processes. Where applicable, your business processes are adjusted to eliminate or minimize risks. If necessary, we train and educate your specialists.

Stage 3. Support + DPO

Providing a Data Protection Officer (DPO) service, monitoring GDPR compliance, and advising in the course of your ongoing activities.

We perform DPO functions in accordance with the GDPR. We monitor changes to the GDPR and its application in practice. We advise on GDPR compliance in the course of your current activities. When your business processes, the legal requirements, or enforcement practice change, we recommend how to adjust your measures to remain compliant with the GDPR.

Check out our additional services and business cases. Send the form below to order GDPR implementation services. Get a free consultation.

Business cases of projects we completed

Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases