iPrivacy


At iPrivacy we provide a professional Data Protection Impact Assessment of your company and a reliable set of measures to make your company fully GDPR compliant.



The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.

Can you afford a fine of up to 4% annual turnover?

Reduce your Risk!


Why us?

Because we can make it simple. We have the knowledge, the understanding and the resources to make this complex know-how simple for you. Effective, efficient and simple.




Our approach

We don't believe in "one size fits all". We advise companies from various industries on how to prepare for and comply with GDPR requirements, carefully considering the specific current and foreseeable needs of each organisation.



How can we help?

Projects may vary in scope and duration, from gap analysis to enhanced implementation plans with ongoing support. The approach is customised to the organisation's current level of development and preparedness regarding its data processing activities, personal data flow and data protection security level.

1. Who does the GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’.

  • The controller determines the purposes and means of processing personal data.
  • The processor is responsible for processing personal data on behalf of a controller.
  • For the processor, the GDPR provides specific legal obligations, e.g. the requirement to maintain records of personal data and processing activities.
  • The processor will have legal liability if responsible for a breach.
  • The controller is not relieved of its obligations if a processor is involved, and is responsible for ensuring that the contracts with the processor are GDPR compliant.
  • GDPR applies to personal data processing carried out by organisations operating within the EU.
  • GDPR also applies to organisations outside the EU that offer goods or services to individuals in the EU.

2. What information does the GDPR apply to?

  • The GDPR applies to ‘personal data’, which means any information relating to an identifiable person who can be directly or indirectly identified, in particular by reference to an identifier.
  • Personal data includes name, email, ID number, location data or online identifier, etc.
  • The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.
  • This could include chronologically ordered sets of manual records containing personal data.
  • Personal data that has been pseudonymised can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
  • The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).
  • The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

3. What are the professional qualities that the Data Protection Officer should have?

The DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil his or her tasks. The necessary level of expert knowledge should be determined according to the data processing operations carried out and the protection required for the personal data being processed.

For example, where a data processing activity is particularly complex, or where a large amount of sensitive data is involved, the DPO may need a higher level of expertise and support.

Relevant skills and expertise include:

  • expertise in national and European data protection laws and practices, including an in-depth understanding of the GDPR
  • understanding of the processing operations carried out
  • understanding of information technologies and data security
  • knowledge of the business sector and the organisation
  • ability to promote a data protection culture within the organisation

Source: Article 37(5) of the GDPR