GDPR implementation and DPO service

The gold standard for personal data protection for Europe and the world

GDPR is the General Data Protection Regulation for the countries of the European Union (EU) and the European Economic Community (EEC). It sets stricter requirements for the processing of individuals’ personal data.

The GDPR contains advanced principles of personal data and privacy protection, and the approaches to their implementation, which formed the basis of the relevant legislation in Japan, South Korea, China, Brazil, Argentina, Chile, etc. The California Consumer Privacy Act (CCPA) also contains many similarities to the GDPR.

Many companies ask two questions:

1. Why should we be guided by the GDPR if the company is not located in the EU or EEC?

There is a reason. One of the features of the GDPR is its extraterritorial nature. This means that its requirements apply not only to companies located in the EU (EEC) but also to any other operators that process the personal data of EU (EEC) residents, regardless of their location. For example, this applies to companies that offer goods or services to EU citizens, or that collect data on and monitor the behaviour of EU citizens, including recording IP addresses and cookies of website visitors. If you work with EU legal entities, and your interaction involves gaining access to databases of EU individuals, then you and your European partners must also process such data in compliance with the GDPR requirements.

The GDPR principles are internationally recognized. Many advanced countries are guided by them in the development of domestic legislation. Incorporating these principles into your processes will help your company become more competitive not only in European markets.

2. What are the risks of non-compliance with the GDPR requirements? Can we be fined for this?

Yes, you can be fined. The fines, depending on the circumstances, reach 4% of the company’s annual turnover, or 20 million euros. The fine can be applied both to European companies and to foreign legal entities, including those that do not have a representative office in the EU (EEC). And such cases already exist.

It is important for a foreign company to avoid the risks of being banned from doing business in the EU and of losing its reputation. The risks include the blocking of Internet resources that violate European legislation, and your European partners may refuse to work with you because they can be fined more easily than you.

H-X’s lawyers, managers, and security engineers will quickly help you to understand if GDPR applies to your organization. Then we will analyze your business processes, identify inconsistencies and gaps, develop a technological and legal implementation plan, and implement the full set of measures needed to eliminate the inconsistencies. This will increase your confidence and competitiveness, as well as your partners’ and customers’ loyalty, not to mention new prospects for your business development.


GDPR and ISO 27701 implementation stages. DPO service

Stage 0. Preliminary – free of charge!

A preliminary analysis of your company’s activities to determine if you need to comply with the GDPR and ISO 27701 requirements.

We invite you to fill in a questionnaire. We conduct interviews with your management and specialists and clarify the organization of your business processes. Based on the results, we will decide if you need to comply with the GDPR and ISO 27701 requirements or not.

Stage 1. Analytical

Analysis of your company’s business processes to define the necessary organizational, technical and legal measures in order to bring the company to GDPR and ISO 27701 compliance.

You fill out a detailed questionnaire. Our representatives conduct interviews with your management and specialists. You provide us with access to systems, contracts, and other documents for analysis. Based on the results of this work, we offer you conclusions on the GDPR and ISO 27701 compliance or non-compliance of your processes, define the deficiencies and inconsistencies, and also offer organizational, technical, and legal measures to fill the gaps.

Stage 2. Implementation

Implementation of recommendations to eliminate the identified deficiencies and inconsistencies.

Under the supervision and with the participation of our lawyers and technical specialists, the action plan is implemented to eliminate shortcomings and inconsistencies in business processes. In order to eliminate or minimize risks, your business processes are adjusted where applicable. If necessary, we train and educate your specialists.

Stage 3. Support + DPO

Providing a Data Protection Officer (DPO) service, monitoring GDPR and ISO 27701 compliance, and providing advice in the course of ongoing activities.

We perform DPO functions in accordance with the GDPR. We monitor changes and application practices of GDPR and ISO 27701. We provide advice on GDPR and ISO 27701 compliance in the course of your current activities. In case of changes or additions to your business processes, legal requirements, or application of the law, we make recommendations on how to adjust your processes to comply with the requirements of the GDPR and ISO 27701.

Check out our additional services and business cases. Send the form below to order GDPR and ISO 27701 implementation services. Get a free consultation.


Business cases of projects we completed

Audit of smart contracts and blockchain
Business Automation
Information security incident response and investigation
Managed security and compliance (ISO 27001, etc.)
Security analysis of software source code
Security assessment: audits and penetration tests
Security Operations Center cases