GDPR - data protection legal compliance
Save your data and educate your employees.
Implementing the GDPR affects your entire organisation, a full circle from customers, business processes and involved parties to employees and external parties involved in your business. As a business, you need to rethink how personal data is handled from the source to the point of consumption. ITAF’s team of experienced data protection experts can help your organisation with a variety of best-practice solutions covering organisational and process-related aspects, risk management, incident management, security and compliance.
GDPR Governance Support
Lawfulness, fairness and transparency
Data governance and GDPR go hand in hand. A strong data governance program is critical to the data visibility and categorization needed for GDPR compliance. Data governance enables an organization to discover, understand, govern and socialize its data assets not just within IT, but across the entire organization.
Sticking to the subject, ITAF GDPR specialists will help you with:
IT service management and compliance support
Key aspects of GDPR-related ITSM concern personal details, which can negatively affect your business in many ways.
GDPR Risk and Incident management
How to build an incident response program?
ITAF can introduce you to the risks and train your staff on how they should react if data breaches occur within the company.
Short description of incident management process
• Data controllers are obliged to communicate all relevant details about a notified breach to the supervisory authority without undue delay and no later than 72 hours after they have become aware of it. Any prolongations need to be additionally justified.
The details that need to be disclosed to the supervisory authority include, but are not limited to, the categories and approximate number of data subjects affected by the breach, as well as the categories and approximate number of personal data records that were compromised.
• Data controllers must maintain records of all personal data breaches, any related facts about the breaches, their consequences and all actions taken to remediate them. Such records will then be reviewed by the supervisory authority in order to verify compliance.
• Data subjects must be notified about a data breach as soon as it occurs (in GDPR parlance, "without undue delay"). This is especially true when a high risk to the rights and freedoms of data subjects might exist as a result of the breach.
Organisation and processes
Data privacy and information security
Businesses must acknowledge that being transparent about how data is used and protected is now required by law. Each organization (including charities and public sector entities) must define a scope for which they collect specific data. Make sure that your data processors will ask for your approval whenever they intend to transfer data outside the EU/EEA. The same rules apply when the data processors intend to subcontract part of the services they provide.
The GDPR will require some organizations to designate a Data Protection Officer (DPO). Organizations requiring DPOs include public authorities, organisations whose activities involve the regular and systematic monitoring of data subjects on a large scale, or organizations that process what is currently known as sensitive personal data on a large scale.
GDPR Training by ITAF
Our GDPR training has been built on the GDPR Foundation qualification to give your business the knowledge and operational skills to optimize, implement and manage a GDPR compliance programme, and to fulfil the DPO (data protection officer) role.
For more information about ITAF GDPR Services and GDPR training, please contact us and we’ll be glad to help you!