VDAR (GDPR) IT relevance verification and consultations

On May 25, 2018, the General Data Protection Regulation (GDPR) came into force. It was created in order to increase the control and protection of each EU data subject regarding their personal data.

In order to ensure compliance with the rules of the regulation, the first step dots. offers is to assess the current situation in your organization. As a result of the GDPR assessment, you will be able to see any areas of improvement (using GAP analysis), as well as to identify the most critical risks associated with the person identifiable information.

We will evaluate adherence to the principles of personal data processing (outlined in Article 5 of the Regulation):

• Lawfulness, fairness and transparency: is the data processed lawfully, fairly and in a transparent manner in relation to the data subject.
• Purpose limitations: is the data collected for specified, explicit and legitimate purposes and whether the processing adheres to these purposes.
• Storage limitations: is the data kept in a manner which permits the identification of data subjects for no longer than is necessary for the purposes for which the personal data is processed.
• Accuracy: whether data is accurate and, where necessary, kept up to date.
• Data minimization: is it adequate, relevant and limited to what is necessary in relation to data processing.
• Integrity and confidentiality: is it processed in a manner that ensures appropriate security of the personal data - including protection against unauthorized or unlawful processing and against accidental loss, destruction or damage, using appropriate technical or organizational measures.
• 
  

We will identify the risks and possibilities to improve personal data protection in your company.

As a result of the assessment, we will compile a report which will include:

• Identified non-conformities following the principles of data management, including excessive data processing, non-conforming internal regulatory documentation, gaps in internal processes and misconfigurations in technical solutions.
• Risks identified and their potential effect on the operation of the company.
• A general action plan to mitigate any non-conformities.
• Detailed recommendations for risk mitigation.

As a whole, GDPR is similar to the Personal Data Protection Law of the Republic of Latvia. In essence, ensuring GDPR compliance for entities already adhering to existing legislation should be a straight-forward process; however, some significant changes should still be noted, for example:

• The right of a person to withdraw their initial agreement to data processing and to demand deletion of their data.
• Considerably greater penalties for violations, reaching up to €20 million or 4% of the company’s and its branches’ turnover.
• The definition of what constitutes personal data has been updated.
• If the number of employees at a company exceeds 250, a person responsible for personal data security monitoring must be appointed.
• In case of a personal data breach, Data State Inspectorate must be informed within 72 hours.

1. Independent assessment of the company’s data processing procedures.
2. Any non-conformities with regards to GDPR identified.
3. The action plan to improve data processing procedures.

This service is provided by Squalio.

A Squalio representative will contact you shortly.