GDPR Compliance - DPO services

As the world continues the digital revolution, protecting citizens' personal information is becoming a key business requirement.

The General Data Protection Regulation of the European Union, with effect from 25 May 2018, provides a set of technical and organizational measures regarding the protection of Personal Data (PD).

Each business must have control over the collection of data, its processing and deletion, and be able to demonstrate its compliance under the requirements of the Regulation.

Every company processes, in some way, the Personal Data of its employees or its clients; therefore the Regulation applies to virtually all private and public enterprises.

Compliance support service

At MDC Stiakakis we have the experts and partners to help your business comply with the regulation.

The approach we follow consists of a basic body of deliverables, the implementation of which is completely individualized to the needs and the specifics of each business.

Stages and descriptions

Introduction to GDPR, planning and defining the implementation strategy

Initial training of the executives and employees in GDPR, to familiarize them with the terms of the new Regulation and achieve the productive cooperation required in the next stage. Define the implementation strategy.

Data Mapping

Identify the executives who process personal data. Map the existing legal, technical and organizational measures for the security and protection of personal data through interviews.

Gap Analysis

The findings of data mapping will be correlated with the individual articles of the GDPR. Then non-compliant business processes will be identified and recorded according to GDPR provisions.

The security of the existing infrastructure is examined, and the risks are assessed

The security and vulnerability of both electronic and physical infrastructures are examined.

Data Protection Impact Assessment (if required)

We conduct an impact assessment in accordance with the provisions of Article 35 of the GDPR, where one of the technologies used is considered likely to put the rights and freedoms of the data subject at risk.

Compliance Action Plan

Preparation of the proposed legal and organizational measures to be taken to address non-compliance with the GDPR. Develop technical control measures to reduce the risk of breach of the security of information systems and physical files. Guidance and support for their implementation.

Delivery of the Data Privacy System Management

Meetings with all stakeholders as well as the management team, where the comprehensive Data Privacy System Management will be presented and delivered. Employee training.

Preparation for inspection and certification of compliance (in accordance with the provisions of Articles 42 and 43)

Evaluation of the Data Privacy System Management documentation. Assess the adequacy of Data Privacy System Management for inspection and certification.

Outsourced DPO services

Monitor compliance and policies of the controller or processor with respect to the protection of personal data, including the delegation of responsibilities, awareness raising and training of employees involved in control activities.

Advice on data protection impact assessment and monitoring its implementation.

We act as a point of contact with the Supervisory Authority on matters related to the processing of personal data and consult, as appropriate, on any other matter.

Employee training.
