EU General Data Protection Regulation (GDPR) Compliance Assistance

Ensure your organization complies with the GDPR

Comply with the GDPR

The EU legal framework on data protection has been harmonized with the objective of establishing a high, and as uniform as possible, level of protection for the processing of personal data. The EU General Data Protection Regulation (EU GDPR), aimed at strengthening the protection of personal data, has applied in all EU member states since May 25, 2018, replacing the 1995 Data Protection Directive and the national laws that implemented it.

The EU GDPR requires all companies to review their existing data processes and to create numerous new ones. In addition, existing models, checklists and contractual documents must be revised, and technical and organizational measures must be adapted. Organizations that fail to comply face administrative fines of up to 20 million euros or 4 percent of their total worldwide annual turnover of the preceding financial year, whichever is higher.

Key requirements of the GDPR

Processing of personal data for specified and legitimate purposes only: Personal data may be collected only for specified, explicit and legitimate purposes and must be kept in a form that permits identification of the data subjects for no longer than is necessary for those purposes. Once the data are no longer needed for the purpose for which they were collected, they must be deleted. If data subjects withdraw their consent to the processing of their personal data and no other legal basis for the processing exists, organizations are obliged to delete ('erase') the relevant information.

Extended documentation duties: The GDPR introduces additional obligations for companies, in particular in the field of documentation. While organizations no longer have to maintain a public directory of procedures, the obligation to keep internal records of their processing activities has been maintained and extended; these records must be made available to the supervisory authority on request.

Minimizing risk: The EU GDPR pursues a risk-based approach, focusing on the "risks to the rights and freedoms of natural persons." Such risks may arise in the event of a personal data breach. The regulation therefore requires that a personal data breach be reported to the competent supervisory authority without undue delay and, where feasible, within 72 hours of the organization becoming aware of it, unless the breach is unlikely to result in a risk to data subjects; where the risk is high, the affected data subjects must be informed as well. Organizations should clearly define the roles and responsibilities within their data protection organization and establish and document the processes necessary to mitigate the identified risks.

In certain cases, namely where a planned processing operation is likely to result in a high risk to the rights and freedoms of natural persons, the EU GDPR requires a detailed risk assessment, the data protection impact assessment (DPIA), before the processing begins. This assessment extends from a systematic description of the planned processing operations and their purposes, through an evaluation of their necessity, proportionality and risks, to documentation of the measures planned to mitigate those risks and ensure the protection of personal data.

How we can help you comply with the GDPR

TÜV SÜD recommends that organizations identify the processes falling within the scope of the GDPR and conduct initial checks by comparing their existing processes against the regulation's requirements. As the EU GDPR already applies, any remaining gaps in compliant processes and systems should be closed without delay.

A leading expert on regulatory frameworks and process optimization, TÜV SÜD supports businesses in the process of becoming GDPR compliant.
