Ensure that your GDPR compliance strategy is efficient, fast and thorough with solutions that suit your business.
The internet has revolutionised the way we communicate and handle our everyday affairs, becoming an indispensable part of our daily lives. We send emails and share documents, we shop, we pay our bills.
Yet all these actions compel us to share our personal data, often without giving it much thought. In addition, companies may collect information so that they can offer more targeted communication and, in turn, a better customer experience, while your social media posts are stored digitally. But where does all this information go?
As the number of data breaches and hacks is on the rise, some of the aforementioned data could be exposed on the internet.
In comes the EU General Data Protection Regulation, most commonly referred to as GDPR. Since May 25th 2018, it has been supported by the Data Protection Act of the Laws of Malta and covers both data protection and privacy for all individuals within the EU and the EEA. The regulation guarantees that data protection safeguards are ingrained into products and services as soon as they are developed and, as a result, it is regarded as one of the most important changes in data privacy regulation, impacting both businesses and individuals.
With hefty fines that range well into the millions, ensuring that you are compliant with GDPR will limit your exposure to data breaches and penalties. It will also prevent you from having to deal with unnecessary stress and wasted time and resources. Below are some of the core elements of GDPR:
Increased Territorial Scope
GDPR’s regulatory landscape extends beyond our shores, which means that even businesses that are based outside the EU but process personal data of individuals and organisations based within the EU and offer goods or services to its citizens must nonetheless abide by GDPR.
New Consent Requirements
Whereas the custom was to use long, illegible terms and conditions brimming with legal terminology that few could understand, the conditions for consent have now been modified to be as easily accessible as possible, with plain and clear language. At the same time, the purpose of collecting and processing this data must be specified.
Penalties for non-compliance
Under GDPR, fines have risen considerably. An organisation can be fined up to €10 million or 2% of the annual global turnover for minor breaches and €20 million or 4% of the annual global turnover for more serious breaches – a far cry from the highest ever recorded fine under the previous Data Protection Act that amounted to around €23,000.
Reporting any Data Breaches
If the inevitable has happened and you are faced with a data breach, you are required to report to the Data Protection Commissioner within 72 hours, while data processors are required to notify their customers as soon as they become aware of a data breach.
Appointing a Data Protection Officer (DPO)
If your core activities require large-scale monitoring of data subjects or of specific data such as criminal offences and convictions, then you must appoint a Data Protection Officer.
The emergence of GDPR may call for the introduction of new policies and, at times, even a complete corporate overhaul. This means that you must have lawful grounds to process data yet stay ahead of your competitors.
Whether you are a long-established enterprise that would like to ensure GDPR compliance or an up-and-coming start-up that needs to establish novel internal policies, PTL brings together its expertise and skillset in the Legal, IT, Risk, Compliance and Project Management spheres to undertake any GDPR project for you from inception to completion.
Bearing in mind our clients’ needs and unique business characteristics, our services will allow your organisation to smoothly, methodically and efficiently make the necessary adjustments by offering advice, determining any gaps in compliance and addressing these by providing appropriate recommendations.