General Data Protection Regulation – GDPR

WHAT IS THE EUROPEAN REGULATION 2016/679

The European Regulation 2016/679 (General Data Protection Regulation, GDPR) establishes the configuration of a common legal framework for the protection of natural persons against the process of personal data within the member states of the European Union, setting a series of restrictions and new obligations on businesses regarding:

• the process of personal data in their whole lifecycle, from collection to deletion
• the transferability of personal data to third countries
• the protection of natural person’s rights
• the security (confidentiality, integrity, availability) of personal data
• disclosure actions that the business is obliged to perform in case of breach

TO WHOM DOES THE GDPR APPLY

GDPR is applied to all private and public sectors that process in any way personal data of natural persons customers, customers of their customers, employees, associates or other natural persons. However the compliance requirements for every business differ regarding the volume of processing data, the type of the data (e.g. sensitive) and the processing actions.

WHAT IS PERSONAL DATA
Personal Data means any information relating to an identified or identifiable natural person for example:

• identification data (name, age, resident address, occupation etc.)
• natural characteristics (height, weight, skin color etc.)
• financial status (income, assets, economic behavior)
• sensitive personal data (medical records, medical exam results, biometrics, political beliefs, sexual orientation etc.)

 

WHAT DOES THE TERM “PROCESSING” MEAN

According to GDPR ‘processing’ means any operation or set of operations which is performed on personal data , such as collection, recording, processing, storage,  erasure or destruction.

FINAL DATE OF COMPLIANCE

GDPR is activated in a mandatory application for all member states of the European Union by 25/05/2018.

WHAT ARE THE IMPACTS OF NON COMPLIANCE

• The administrate fines can reach up to 4% of the total worldwide annual turnover of the company, or 20 million euro (whichever is higher)
• Deterioration of company image and loss of customer and market trust
• Customer loss

THE APPROACH

SAMARAS & ASSOCCIATES Ltd having the knowledge and experience in developing systems for information security management, risk analysis studies and recognizing the complexity of the mandatory compliance of businesses regarding the Regulation’s demands, has assembled specialized executive teams, in order to offer integrated services to its customers.

Specifically for every project a specialized project team is assembled that consists of:

• Legal Advisor
• IT Expert
• Business Organization Advisor

The customized approach aims to reach the complete compliance of your business regarding the Regulation’s demands both at organizational and technical level, always depending on the type and the range of the personal data, the company structure and operation.