GDPR compliance services
In April 2016 the European Union (EU) adopted a new regulation, the General Data Protection Regulation (GDPR), to protect the personal data of natural persons (any identified or identifiable natural person - a data subject) and to give data subjects more control over their personal data (with sensitive personal data as a special category). The GDPR places new rules on the export of personal data outside the EU, i.e. on the processing of the data by non-EU institutions and companies. The new regulation will go into effect on May 25th, 2018 (deadline), which means companies that either do business within the EU or process data subjects' personal data need to be compliant with the GDPR. That means it is time to start preparing for the GDPR. The difference compared to similar steps in the past is the significant fines for breaching the GDPR (up to EUR 20 million or 4% of the group's worldwide turnover).
The GDPR calls for a sequence of legal steps and ICT steps to make the necessary changes in databases, with consequent changes in the company's processes. It is quite a complex process, and that complexity calls for project management.
The company's responsibility lies with the Board. The Board has to create the DPO (Data Protection Officer) position to keep the company GDPR compliant. The DPO will create and maintain the indication to reach the goal. The DPO, whether or not he/she is an employee of the GDPR controller, should be in a position to carry out the company's GDPR compliance. It is possible to outsource such a position (DPO-as-a-Service).
More details: http://ec.europa.eu/justice/data-protection/