Our first priority is to gain an overview of the organisation's activities and of its level of compliance and accountability in the field of data protection and information security. This allows us to identify areas of non-compliance with the General Data Protection Regulation (GDPR) and then make improvements within your organisation. The aim of our services is that the organisation, and every business process in which personal data is processed, complies with the GDPR and, beyond that, that a culture of compliance and respect for personal privacy takes hold.
Data Protection Audit
The purpose of the audit is to analyse the way in which personal data is managed and processed by the organisation. This phase concludes with a diagnostic report on the organisation's current situation in the field of privacy and data protection and its degree of compliance with the legal, technical and organisational security requirements. During the assessment, the following aspects of the GDPR, among others, are checked for correct and complete compliance:
- Privacy by design
- Agreements between joint data controllers
- Agreements between data controller and processors
- Maintaining a record of processing activities
- Security of personal data
- Procedure in case of data breaches
- Rights of data subjects
- Necessity of a data protection officer or data protection impact assessment
Data Protection Implementation
We will prepare the necessary documents so that they can be implemented within the organisation. In this way, the organisation can demonstrate that it complies with the rules of the GDPR (the accountability principle of Article 5(2)). The documentation will include the following:
- RECORD OF PROCESSING ACTIVITIES
Establishing a record of processing activities in order to be able to comply with the GDPR’s accountability requirements.
- CLAUSES ADAPTED TO THE GDPR
Revision, drafting or discussion of the data protection clauses adapted to the GDPR: privacy notices and information clauses, consent wording, and confidentiality and data protection clauses in contracts.
- PROCESSOR AGREEMENTS WITH THIRD PARTIES
Revision, drafting or discussion of the agreements with third parties adapted to the GDPR.
- HUMAN RESOURCES – NOTIFICATION PROCEDURE
Best practices (privacy and IT) for informing employees about the processing of their data, and support in the selection and monitoring of the staff responsible for processing.
- RIGHTS OF DATA SUBJECTS
Access, rectification, objection, erasure, data portability and restriction of processing. Review of, and assistance with, the handling of requests from data subjects exercising their rights.
- DATA BREACHES
Establishing a protocol for the notification of data breaches.
- INTERNATIONAL TRANSFERS OF DATA
Should personal data be transferred outside the European Economic Area, we will ensure that the transfer rests on a valid legal basis (an adequacy decision, standard contractual clauses, binding corporate rules or another mechanism recognised by Chapter V of the GDPR).
Data Protection Officer
eProdat will perform the role of the Data Protection Officer. The Data Protection Officer will provide the organisation with legal and technical advice on compliance with existing European privacy and personal data protection rules.
eProdat will deal with any legal matter relating to compliance with the obligations concerning the consent of data subjects and the information to be provided to them, the processing of special categories of data, the transfer and communication of data, the processing of data by third parties, the handling of requests concerning the exercise of data subjects' rights, and the recording, alteration or erasure of personal data files.
eProdat will perform the following maintenance services on behalf of the organisation:
- Resolution of legal questions on the GDPR regarding the processing of personal data. Ongoing legal advice, with defined service levels, to resolve any doubts and questions regarding data protection and privacy regulations.
- Legal GDPR reports – Preparation of supporting and advisory legal reports to ensure adequate processing of data in accordance with existing data protection regulations.
- Preparation of legal opinions – Legal opinions will be prepared on matters such as the processing and handling of requests for the right of access, rectification, erasure and objection to the processing of data; drafting and reviewing contracts and/or agreements for the processing of data by third parties; drafting clauses on data protection, confidentiality and access to data by third parties.
- Support for specific GDPR projects – Legal and technical support for projects related to data protection obligations stemming from European and national regulations.
- Recommendation of preventive measures against security incidents (data breaches) that could lead the supervisory authority to open enforcement (sanctioning) proceedings.
- Personal support during inspections by the data protection authority. Legal advice throughout any enforcement proceedings, up to and including the relevant administrative appeal.
- Advice on the application of the procedures for the exercise of data subjects’ rights (objection, access, rectification and erasure of data) and on any technical action resulting therefrom.
eProdat brings to the role of Data Protection Officer:
- Independence and confidentiality
- Expert knowledge of the regulations
- The support of eProdat's network of consultants
- Experience in dealing with supervisory authorities
Data Protection Impact Assessment
In certain situations an organisation is required to carry out one or more DPIAs: Article 35 GDPR makes a DPIA mandatory where a processing operation, in particular one using new technologies, is likely to result in a high risk to the rights and freedoms of natural persons. eProdat will first assess the likely impact of the processing in question and how far-reaching the assessment needs to be. Subsequently, in consultation with the organisation, the further course of the impact assessment will be agreed.
A DPIA by eProdat is preventive: it works as an early warning system and can influence the design or outcome of a processing operation, allowing a proactive response. It is an integral part of a "privacy by design" approach, and serves to:
- Identify and reduce the privacy risks of new projects or practices
- Minimising risks
- Prevention of unlawful processing
- Implementation of privacy by design and default
The assessment contains at least the elements required by Article 35(7) GDPR:
- Systematic description of the processing and its purposes (including, where appropriate, the legitimate interest pursued by the controller).
- Assessment of the necessity and proportionality of the processing.
- Assessment of the risks to the rights and freedoms of data subjects (taking into account the expectations of data subjects) and evaluation of the level of risk on the basis of their likelihood and impact.
- Measures envisaged to address the risks (including safeguards, security measures and mechanisms such as pseudonymisation, anonymisation, encryption, local storage, limitation of access, limitation of retention). Compliance with approved codes of conduct shall be taken into account.
Training & E-learning
The organisation shall take all necessary measures to ensure that all staff are aware of the security policy applicable to their respective duties and of the consequences of non-compliance. Where necessary, legal and technical training is given at this stage to inform record managers, security officers and other members of the organisation of all applicable legal and technical requirements.
The content of the courses developed by eProdat will be used to support the training of employees through e-learning.
Managers and department heads receive on-site classroom training for an agreed number of hours.
Our online portal (SIGPAC Privacy CORE®) runs on eProdat's proprietary software, developed for organisations that, because of their size or particular characteristics, need flexible, versatile and standardised tools to manage their entire data protection policy, including the ongoing maintenance of privacy management activities.
E-privacy & E-commerce
We make sure that you are compliant with regard to e-privacy (including the ePrivacy Directive's rules on cookies and electronic marketing), online business, websites and social media. These must be kept up to date and in line with the GDPR at all times.
When the organisation demonstrates that it has fully implemented our data protection recommendations, it may display an eProdat certificate of compliance to indicate that it complies with the GDPR. This is eProdat's own attestation; it is distinct from certification under Article 42 GDPR, which can only be issued by an accredited certification body or by the competent supervisory authority.
US Privacy Adaptation
At eProdat, we are committed to data protection beyond the borders of the European Union. That is why we are able to certify your company in countries whose own legislation deviates from the GDPR. For companies with offices or activities in the United States, eProdat ensures compliance with the applicable transfer framework and with US federal laws such as COPPA and FERPA and state laws such as the CCPA. Note that the EU-US Privacy Shield was invalidated by the Court of Justice of the EU in July 2020 (Schrems II, C-311/18); EU-US transfers now rely on standard contractual clauses, binding corporate rules or, since the adequacy decision of July 2023, the EU-US Data Privacy Framework.