The GDPR (General Data Protection Regulation), came into force on May 25, 2016 throughout the European Union. Since May 25, 2018, the GDPR has required public administration and companies to adapt to the changes planned, including:
- The creation of a new control figure, the Data Protection Officer
- The definition of the processes for implementing security measures commensurate with the risks to individuals’ rights and freedoms
- Creation of a data breach notification process
- The keeping of a register of processing operations carried out
- The widening of the rights of data subjects, with the formalization of the right to oblivion and portability
For those who do not comply, the sanctions will be very heavy. They will be able to reach 20 million Euros, or 4% of the annual turnover, thus significantly increasing compliance costs.
Within this complex and crucial issue for the business and image of a “Company”, Creasys provides structured and seamlessly integrated support in its GRC (Governance, Risk and Compliance) portfolio, so that its clients can be able to support their clients:
– make the data protection activities carried out transparent and verifiable
– to keep the organisational model constantly updated and adequate
– Reduce organisational costs and impacts resulting from GDPR
The Creasys offer combines a set of services that covers the entire lifecycle of compliance with the Regulations (from Maturity Data Protecion Assessment to the GDPR Compliance Roadmap via Training and Communication Support) with market leader tools and databases, in order to:
– analyse customer applications and which of them process sensitive data
– facilitate the monitoring of libraries regarding jurisdiction and privacy laws applied in the European Community countries
It is a comprehensive proposal that considers the threats to data protection both endogenous and exogenous to the customer organization but, above all, that does not lose sight of a key concept of information security: protection also concerns the people of the organization and its processes, not only technology.