  • Marielundvej 28, 1., 2730 Herlev, DK
  • +45 26 80 46 42
  • hello@eywa.dk

The General Data Protection Regulation (“GDPR”) is the European Union’s comprehensive privacy law, which likely applies to your organization, even if you have no physical or legal presence in the EU.

 

 

Data security is critical

 

The General Data Protection Regulation (GDPR) is a European regulation that aims to improve and standardise how organisations operating across the EU collect, handle, process, and store personal data such as HR records and customer lists.


The GDPR requires organisations to improve information security and governance.

 

 

Who is subject to the GDPR?

 

The GDPR affects all organisations that process personal data and operate within or sell goods to the EU. The term “processing” refers to nearly every type of data usage, including collection, storage, retrieval, alteration, and destruction.


The GDPR applies to both ‘controllers’ and ‘processors’ of data. The purpose and manner in which data is processed are determined by data controllers.

A data processor is any third party that processes data on behalf of a controller.

 

 

The significance of ensuring personal data security

 

Principle 6 of the GDPR states that personal data should be processed appropriately to ensure ongoing data security.


Personal data protection against unauthorised processing, accidental loss, and destruction should be a priority for all organisations.

 

 

Why choose us?

EywaSystems can effectively implement a risk-based GDPR compliance programme for your business.

 

Our core activities include:

EywaSystems walks you through a discovery exercise to create your data processing records (as required by Article 30 GDPR). This diligence becomes a valuable information resource throughout your initial GDPR compliance project and beyond.

EywaSystems will review your organization’s privacy policy and, if necessary, propose improvements to the existing policy or write a new one to comply with the GDPR. If consent is the most appropriate legal basis for certain data processing operations in your organization, we will analyse your organization’s current data collection points and recommend ways to implement consent management or improve the quality of consent acquired in accordance with the requirements of GDPR Article 7.

EywaSystems will examine each information system that is subject to the GDPR and identify cases where data subject rights (right to be forgotten, right to access, correct, and update one’s personal data, right to restrict processing, and so on) are not supported. Our team will assist you in scoring or ranking all compliance gaps and developing practical solutions to address critical compliance risks.
The GDPR imposes specific obligations on you and any service organization you hire to process personal data on your behalf. EywaSystems has developed a mature methodology, including an internal knowledge base, for successfully negotiating GDPR-compliant data processing addenda with common service providers.

In some cases, a data protection impact assessment must be performed before embarking on new data processing initiatives under the GDPR, in accordance with the requirements of GDPR Article 35.

 

EywaSystems provides comprehensive support and unbiased advice on your DPIA, as well as a DPIA template and documented DPIA procedure template for you to use in conducting your own DPIAs.

 

 

A DPIA should include:

 

– A systematic description of processing operations, including the purpose for processing.
– An assessment of the necessity and proportionality of the processing operations.
– An assessment of the risks to individuals’ rights and freedoms.
– Measures to address identified risks, including safeguards and mechanisms to ensure personal data protection.

 

 

* A Data Protection Impact Assessment (DPIA) is a process that identifies and mitigates risks associated with the processing of personal data as early as possible. DPIAs are critical tools for mitigating risk and demonstrating GDPR compliance.

EywaSystems offers a comprehensive privacy and security training programme. This integrated programme includes training content that can be applied throughout your organisation. Detailed reporting supports the documentation and demonstration of compliance.
Get in touch with our team for a tailored solution.

Contact The GDPR & Compliancy Team