The EU General Data Protection Regulation (GDPR) replaces the EU Data Protection Directive 95/46/EC (DPD). It is a common law for all EU countries to support the secure, liberal movement of data across EU boundaries. It puts data subjects at the forefront of data security and aims to protect all EU citizens from privacy and data breaches. If you control and process Personally Identifiable Information (PII) or sensitive personal information of EU citizens you must comply with the regulation by May 2018. Even if you do not have offices or employees in the EU zone you must still comply.
Global Data Protection Regulations known as GDPR will be effective from 25 th May 2018. GDPR is regulation in EU law on data protection and privacy for all individuals within the European Union. The GDPR aims primarily to give control to citizens and residents over their personal data and to simplify the regulatory environment for international business by unifying the regulation within the EU. The GDPR extends the scope of EU data protection law to all foreign companies processing data of EU residents. It provides for a harmonization of the data-protection regulations throughout the EU, thereby making it easier for non-European companies to comply with these regulations; however, this comes at the cost of a strict data-protection compliance regime with severe penalties of up to 4% of worldwide turnover or €20 million, whichever is higher.
- Creating a data inventory that identifies processors and any data that’s held unlawfully.
- ShieldByte will conduct a data flow audit for Personal Data and Data processing.
- Govern on personal data starts with being able to define what personal data means and then share this understanding across your organization.
- Perform a gap analysis to assess your compliance, according to your business processes.
- Conduct a data protection impact assessment and a security gap analysis.
- Consulting for implementing of governance framework ISO 27001 or Cyber Essentials.
- ShieldByte will facilitate to monitor, audit and continually improve each step.
ShieldByte Infosec Pvt Ltd will Address Key Challenges.
Privacy by Design
ShieldByte shall implement appropriate technical and organizational measures for ensuring that, by default, only personal data which are necessary for each specific purpose of the processing are processed.
Material and Territorial Scope
GDPR Regulation applies to the processing of personal data wholly or partly by automated means and to the processing other than by automated means of personal data which form part of a filing system or are intended to form part of a filing system with territorial scope.
Right to Erasure
GDPR provides right to erasure or right to be forgotten of personal data concerning him or her without undue delay. Shieldbyte will provide you complete guidance for implement Right to Erasure as article 6(1), or point (a) of article 9(2).
Right to Access
Data owners have right to access their personal concerning him or her are being processed with the purposes of the processing, category of personal data , etc. Shieldbyte gives you functionality to comply with Right to Access.
Right to data portability
GDPR provides right to data owner with right to data portability. Shieldbyte will provide you the guidance to build data portability in a structured, commonly used and machine-readable format without hindrance.
Right to rectification
The data subject shall have the right to rectification without undue delay the rectification of inaccurate personal data concerning him or her. Taking into account the purposes of the processing, the data subject shall have the right to have incomplete personal data completed, including by means of providing a supplementary statement.
Right to restriction of processing
Data owner have the right to obtain from the controller restriction of processing where the accuracy of the personal data is contested, the processing is unlawful or the processing is no longer required.
Right to object
The right to object provided under GDPR is on grounds relating to his or her particular situation, at any time to object processing of personal data concerning him or her including profiling based on those provisions compelling legitimate grounds .