On May 25, 2018, the GDPR (General Data Protection Regulation) came into force. The text addresses the strengthening of the protection of personal data of citizens and residents of the European Union.
This legislation is a fundamental privacy text that governs the way in which companies and other organizations process personal data. It substantially amended the previous legislation, entailing a series of new obligations for companies and institutions. After a two-year “running-in” period, the organizations concerned are obliged to adapt to the new legal requirements through legal, organizational and technological measures.
- New companies must treat compliance with European legislation as essential; through the HyperGDPR service, HyperGrid’s experts provide complete advice on correctly adapting to the current regulations. The consultancy is based on the integration of IT operators who are experts in the field with a law firm of qualified professionals.
- For public administrations and companies that are already compliant, we remind you that the GDPR is not a point of arrival but an ongoing process. Through the Regulation, the relationship with customers and users is improved by communicating the purposes of the processing clearly and transparently and by making it easy for data subjects to exercise their rights. A periodic check-up is therefore necessary to verify that the standards are being maintained. Here too, HyperGrid guarantees GDPR consultancy by planning a check-up of the standards achieved, adapting, maintaining and integrating where necessary, and implementing a continuous improvement plan over time.
Since the Regulation came into force, reports indicate that large numbers of violations are reported in Italy every year, a situation that results in fines of significant amounts. It is therefore essential that the adaptation is flawless and that it is verified over time. HyperGrid has always been at the forefront in this sector and is fully organized to provide its customers (both companies and public administrations) with correct adaptation to the regulations and ongoing maintenance of compliance.
– Compliance assessment: collection of all information on the company’s organization, and analysis and evaluation of the documentation in use.
– Record of processing activities: a document that keeps track of the processing carried out by the controller and any processors, containing the purposes of the processing, a description of the categories of data subjects and personal data, the recipients, any transfers to third countries and a description of the security measures.
– Drafting or amendment of the documentation so that it is complete and up to date with the requirements of the new legislation.
– Identification of the roles and responsibilities of the subjects who carry out the processing.
– Definition of security policies and risk assessment: evaluation and implementation of all technical and organizational measures needed to ensure, and to be able to demonstrate, that the processing is carried out in accordance with the GDPR. This phase is, above all, an expression of the principle of accountability.
– Data breach: a procedure to ensure that all appropriate measures have been adopted to detect any violations, produce adequate reports and investigate the causes as well as the effects of the breach suffered.
– Data protection impact assessment: to ensure transparency in the processing of personal data and adequate protection of that data, the Data Controller must carry out precise privacy impact assessments, in order to evaluate the data protection aspects before the data are processed.
– Implementation of processes for the exercise of data subjects’ rights.
– Identification and appointment of a Data Protection Officer (DPO): a figure whose main responsibility is to observe, evaluate and organize the management of personal data processing (and therefore its protection) within a company, so that the data are processed in compliance with European and national privacy regulations.
To comply with the European GDPR, a professional figure is mandatory for public administrations and for some private companies: the DPO (Data Protection Officer), the professional whose task is to evaluate and organize the management of personal data processing and to certify its adequate protection. In this context, HyperGrid acts on several fronts:
1) With structured courses for Data Protection Officers.
2) As a consulting service, if the company prefers to rely on an internal figure. In this case, HyperGrid is able to identify and evaluate the appointment of the DPO.
3) The company’s real flagship is the outsourced DPO service dedicated to public bodies and companies, in which HyperGrid’s specialized staff assumes the independent role of DPO. The service is successfully active in many organizations across the territory.