The General Data Protection Regulation (Regulation 2016/679/EU) is a single legislative instrument adopted by the European Council which will repeal and replace the Data Protection Directive, and with it all the data protection laws of each EU Member State. It was adopted on 8th April 2016, and all organizations have to be fully compliant with its regulations by 25th May 2018.
- New rights for data subjects;
- Increased information to be provided to data subjects;
- New stringent rules on obtaining and demonstrating consent;
- Expansion of the definition of special categories of data;
- New concepts of ‘privacy by design’ and ‘privacy by default’;
- Increased accountability for the data controller and data processor;
- New role of Data Protection Officer (‘DPO’);
- Maximum fines increased;
- No longer limited to data processing within the EU;
- Possibility of obtaining GDPR compliance certification, seals and marks.
How can ECOVIS help?
All these new obligations may seem overwhelming to organizations needing to comply with the GDPR by 25th May 2018. ECOVIS Malta can assist your organization by providing the right legal and technical advice and assistance throughout this process. Our legal team can draft privacy policies and other T&Cs for your organization and offer advice regarding DPOs and other staff members. Our IT team can help your organization with data mapping (locating your data collection sources, such as physical forms, contracts, location data and CCTV, and your data storage locations, such as folders, e-mails, pen-drives and the cloud), developing the correct mechanisms to protect and secure your data, restricting access to data within departments, pseudonymising data, implementing audit trails, and setting up data registers and breach registers. For further information, contact ECOVIS Malta on firstname.lastname@example.org.