What is the GDPR?

This new data protection standard extends to all companies which, in their operation hold and process personal data of citizens resident in the European Union or non-European citizens who have stayed in Europe and their data has been collected by companies, even if the management of personal data has already occurred outside European territory. This regulation extends to companies in any sector or volume of business.

In the event of failure to comply with the appropriate measures under the new data protection regulation, companies will be exposed to heavy fines - up to EUR 20 million or 4% of total annual turnover. In a scenario of non-compliance with the GDPR, personal data of individuals will be susceptible to undue access in the event of a possible computer attack, which should also be attributed to the company holding the information.

At this stage, a survey is made of the information regarding the understanding of the business model, as well as the information present in the operational flow - regarding its category and nature. This intervention will allow a comparison between what is practiced in the company and what is required by the new data protection standard.

At this stage, after familiarization with the internal processes, they are adapted and reviewed in the context of the new data protection scheme. This phase is marked by the planning and implementation of a transformation plan, capable of ensuring a correspondence with the new privacy standard. At this point in the GDPR implementation process, a Data Protection Officer (DPO) is appointed.

With a new strategy for compliance with the General Data Protection Scheme in your company, it is time to periodically monitor the processes and ensure that you have everything that is required to ensure the protection and security of the data of all your company's audiences.