The General Data Protection Regulation (2016/679), which came into force on 25th May 2018, has set guidelines for the collection and processing of personal data of individuals in the EU/EEA. It also regulates the flow of personal data outside the EU/EEA.
Organisations both inside and outside the EU/EEA that collect and process information on individuals in the EU/EEA must comply with the GDPR. Kyte offers a complete consultancy service to ensure organisations satisfy all legal and technical requirements to comply with the Regulation.
Data Protection Health Check (Pre-assessment)
- Preliminary compliance assessment.
- Triage of which issues must be tackled, according to their risk level.
Assistance with documenting data flows, processes, policies and procedures
- Document data flows, processes, policies and procedures.
- Establish baselines – “do it right the first time” for your employees.
- Satisfy obligation to provide documentation to a Data Protection Authority when required.
Data Protection Impact Assessment
A DPIA must be performed where processing is likely to result in a high risk to the rights and freedoms of natural persons. It shall contain at least:
- A description of processing and operations.
- An assessment of the necessity and proportionality of the processing.
- An assessment of the risks to the rights and freedoms of data subjects.
- The measures envisaged to address the risks.
- Evidence of compliance with approved codes of conduct.
- A statement as to whether data subjects have been consulted.
Assistance with data protection audits or discussions with the Supervisory Authorities
- Bridge the gap between what regulators and businesses want to achieve.
- Help find workable solutions that smooth the path to compliance.
DPO (Data Protection Officer) Services
- Ongoing information and advice.
- Monitor compliance.
- Advise with regard to data protection impact assessments.
- Co-operate and liaise with the supervisory authority.
- Be a point of contact for data subjects if they feel aggrieved.
Training
- E-learning data protection and information security awareness training through our dedicated platform. We teach the basics of data protection: principles, rights and obligations, as well as how to protect personal data.
- Face-to-face customised training for your employees and company. We aim to make it both informative and practical for your needs with the ability.
Third party solutions
Kyte partners with first-class solution providers to assist you in complying with the GDPR, amongst which Computime Technology – providers of IT Security, Business Continuity and Disaster Recovery solutions.
Who does the GDPR apply to?
The GDPR applies to all EU/EEA companies, as well as to companies outside the EU/EEA that offer goods or services (either paid or free) to, or monitor the behaviour of, data subjects in the EU/EEA.
Does my company need to appoint a DPO?
Yes, if you are a public authority; if your core activities consist of processing operations which require systematic monitoring of personal data on a large scale; if your company processes special categories of data, or personal data relating to criminal offences, on a large scale; or if your member state law requires you to do so. The Data Protection Officer can be appointed from within your company or be outsourced.
Does my company need to carry out a DPIA?
Where a type of processing, in particular when using new technologies, may result in a high risk to the rights and freedoms of natural persons, the Controller must conduct a Data Protection Impact Assessment prior to processing. Member state laws can also require a DPIA for certain categories of Controllers (e.g. a B2C iGaming Operator licensed by the MGA).
What happens if I do not comply?
Fines for non-compliance go up to €20 million or 4% of your worldwide turnover, whichever is greater. You may also be subject to lawsuits and requests for compensation from data subjects if your processing of their personal data causes them material or non-material damage.
What is the difference between a Data Controller and a Data Processor?
The Data Controller decides the means and purposes of processing personal data, while the Data Processor processes personal data on behalf of a Controller. Each party carries a different level of responsibility.