The EU General Data Protection Regulation (GDPR), which has applied since 25.05.2018, introduces significant changes to the regulation of data privacy. The Regulation applies to all companies processing personal data of subjects located within the Union, regardless of whether the processing takes place within the EU. Companies that fail to comply with the requirements of the Regulation will be subject to sanctions, the most severe of which is 4% of the company’s revenue or up to 20 million euros.

IQ Security offers three distinct categories of services related to compliance with the requirements of the Regulation.

GDPR Analysis

Review of the established personal data protection rules in the company, including:

  • Review and comprehensive legal audit of current data protection rules;
  • Verification of personal data processing activities and their compliance with the new requirements of the Regulation;
  • Preparation of a Report with recommendations for improvement of the introduced rules and their regulatory compliance with the newly adopted rules;
  • Consultations on changes and introduction of new legal rules;
  • Training of employees.

GDPR Compliance

Full alignment with the regulatory requirements of Regulation 2016/679 and the Personal Data Protection Act, including the development of new work procedures and the Privacy Policy. During the process, the following activities will be performed:

  • Developing rules and procedures for the regulation of GDPR activities;
  • Analysis of personal data processing activities and their compliance with the new GDPR requirements;
  • Analysis of the personal data used and the legal grounds for their collection;
  • Developing a Data Protection Policy;
  • Work instructions and documents required for overall compliance;
  • Procedure for managing user requests as well as required forms;
  • Developing a cookie policy for the site;
  • Assistance in integrating the rules into the daily work of the company;
  • Training of employees regarding application of the rules;
  • Additional consultations.

DPO - Data Protection Officer

The service is appropriate for companies that are required to have a personal data protection officer. The officer's responsibilities include:

  • Oversee the implementation of the adopted personal data protection policy in the company, as well as compliance with the regulatory requirements;
  • Prepare recommendations and provide consultations when new products concerning personal data subjects are implemented;
  • Advise the employees of the company on any issues related to the processing of personal data;
  • Communicate with the Data Protection Commission or with legal entities;
  • Prepare regular reports in case of incidents, and in certain cases inform the CPDP (the Commission) within the set deadlines;
  • Train employees on the implementation of the regulatory framework;
  • Provide full assistance in solving problems related to a personal data breach.