EM Studios | GDPR Compliance Services
GDPR compliance services in your organization save time and limit your exposure to data breaches and regulatory penalties. The EU General Data Protection Regulation (GDPR) requires organizations that serve EU residents to keep their users' personal data safe and preserve their data privacy rights.
GDPR certification is a new feature of GDPR law that allows people or entities to receive certification from approved certification bodies to represent to both the EU and consumers that they are in compliance with GDPR. Certification is scalable and can be different for organizations of distinct sizes and types.
Data breaches increasingly make weekly headlines in national newspapers. Whether a breach is accidental or malicious in nature, performed by an insider or an external attacker, it is the loss of data which causes the reputational and often large financial impact to the business. Organisations have for a long time been playing catch-up in regard to data security and protection. Due to a number of high-profile data breaches, industry regulation is increasing its focus on ensuring organisations have in place appropriate protection for personal data.
Under the EU GDPR (General Data Protection Regulation), adopted on 27th April 2016 (enforceable on 25th May 2018), organisations handling the personal data of EU data subjects can now expect fines of up to €20 million or 4% of global annual turnover for the preceding financial year, whichever is the greater. They must also only maintain data as long as necessary, and identify all affected individuals within 72 hours in the event of a breach. This represents a challenge for organisations without visibility and control of the type of data they handle, where the data is located and applicable regulations.
Now is the time to implement appropriate data security measures to locate, identify and protect sensitive business and personal data within your organisation, enabling compliance with applicable legislation such as the EU GDPR and domestic Data Protection Law. Every organisation is different. Our approach is to tailor the solution for you to meet GDPR with comfortable changes to your established processes. We do not shoe-horn you into a proprietary solution that might not fit well with your business or culture. EM Studios can help organisations to understand what they need to do to get ready to comply with the GDPR, and continue that support if required, into managing the changes to be ready for May 2018 when the GDPR takes effect. A full legal service is also available, upon request.
EM Studios supports organizations with their privacy and data protection compliance journey. Our team consists of industry certified and experienced privacy leaders, consultants, and project managers. We help embed privacy and data protection at the heart of the organization’s culture and operations. In a rapidly evolving global regulatory environment, our practitioners will keep you up to date on all the latest developments and manage the impact of changes through supporting the organization with its regulatory risk profile. Additionally, in a world ever more empowered by the Cloud, our consultants possess the unique skillset and ability to comprehend IT infrastructure and security issues that directly impact on the privacy rights of individuals.
We engage with regulators, advise on breach response, assist and advise on impact assessments, and participate in industry advocacy activities. However, our focus is always supporting our clients in navigating and mitigating the many risks to privacy and fundamental rights in today’s commercial and data-hungry world.
Prime Concerns in GDPR Enforcement
- Data Subject Access Requests (DSARs)
Under the GDPR any individual whose personal data is obtained, stored or processed by an organization can make a request to that organization to obtain a copy of their information. In today’s world, organizations generate significant amounts of material which contains personal data and which will need to be collated, reviewed and processed when responding to a DSAR. Responding to a DSAR within the short deadline of one month can be challenging. It will require an understanding of the request, running searches, identifying relevant documents and redacting sensitive data, which may not be possible to do efficiently with common IT platforms.
- Data Protection Impact Assessment (DPIA)
A DPIA is a risk-based assessment used to ensure that the data protection rights and freedoms of data subjects are protected when an organization processes their data. In an ever more digitized and evolving world, organizations need to adapt and evolve to stay competitive and compliant with the regulatory landscape. With new technologies, capturing ever-increasing volumes of personal data has never been easier. Not only is a DPIA a compliance requirement, it is also a competitive advantage because both organizations and individuals are assured that their privacy is protected.
- Personal Data Breach
The GDPR defines a ‘personal data breach’ as a breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to, personal data. The regulation enforces specific obligations on organizations to report a breach to the relevant supervisory authority within 72 hours of becoming aware of the breach. If the personal data breach represents a high risk to the data subject, the data subject must also be notified without undue delay. Therefore, an organization’s incident response programme should deliver the ability to quickly react to a data protection or security incident and limit the reputational, operational or regulatory damage it could cause. Not every incident is going to be the same and, as such, incident responders must have the ability to react to different situations.
- Data Protection Officer (DPO)
The DPO has an essential leadership role within an organization's governance structure and is a key stakeholder in the data protection accountability framework. Appointing an in-house DPO may not be feasible for every organization. As part of our privacy and data protection service portfolio, our experienced consultants can support you in all aspects of your organization’s requirements of a DPO.