The Privacy Advisor: advice about the General Data Protection Regulation.
The Privacy Advisor was founded by a computer science geek with a passion for these domains: privacy, information security, data breaches and the General Data Protection Regulation. The knowledge of these domains, and of the (mandatory) organisational and technical measures needed to comply with the General Data Protection Regulation, was acquired through the research for my thesis and through personal interest in these domains.
With the advice of The Privacy Advisor, your company can comply with the General Data Protection Regulation on a solid foundation. Information security, privacy and their associated measures are processes that need continuous improvement, using the PDCA cycle and the ISO 27000 standards to raise their maturity levels.
About the GDPR
In the current digital society, in which technical tools improve at a very fast pace, it is irresponsible not to have any registered processes for information security and privacy. The General Data Protection Regulation was created to regulate the privacy and the protection of European citizens. European businesses, organizations and government agencies are obliged to implement measures to conform to this new regulation. When no measures are taken, the organization could be sanctioned in the form of a fine. These fines could add up to 20 million euros, or 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher. The General Data Protection Regulation can't be ignored. For any business, organization or government agency, it would be irresponsible if confidential and highly sensitive personal data were published without authorization. Legal responsibility and liability lie with the chairman of the board of directors of businesses, organizations and government agencies. The new European regulation contains some mandatory measures. Examples of these measures are: risk assessment, data protection impact assessment, data register, documenting measures, transparency, integrity and confidentiality, accountability, purpose limitation and data minimisation. The foundation needs to appoint a Data Protection Officer.
Technical and organisational measures need to be designed around your business processes. Examples of these measures are policies, employee rules, guidelines and regulations, and technical and organizational measures in the domains of information security, privacy and data breaches. By using the service of The Privacy Advisor, your company will achieve a solid baseline level of information security, privacy and data breach handling in compliance with the General Data Protection Regulation (GDPR). A continuous improvement cycle such as the PDCA cycle is mandatory for these measures. The measures are designed for your company and its business processes, to measure and assure that personally identifiable information is protected, safe and handled in compliance with the GDPR.