iPrivacy

At iPrivacy we provide a professional Data Protection Impact Assessment of your company and a reliable set of measures to make your company fully GDPR compliant.

Contact Us Now!

The EU General Data Protection Regulation (GDPR) is the most important change in data privacy regulation in 20 years – we’re here to make sure you’re prepared.

Can you afford a fine of up to 4% annual turnover?

Reduce your Risk!

Days

Hours

Minutes

Seconds

Why us?

Because we can make it simple. We have the knowledge, the understanding and the resources to make this complex know-how, simple for you. Effective, efficient and simple.

Our approach

We dont believe "one size fits all". We advise companies from various industries on how to prepare for and comply with GDPR requirements carefully considering the specific current and foreseeble needs of each organisation.

How can we help?

The projects may vary in scope and duration, from gap analysis to enhanced implementation plans with ongoing support. The approach is customised considering the organisations current level of development and preparedness regarding its data processing activities, personal data flow and data protection security level.

Who does the GDPR apply to?

The GDPR applies to ‘controllers’ and ‘processors’.

The controller determines the purposes and means of processing personal data.
The processor is responsible for processing personal data on behalf of a controller.
For the processor, the GDPR provides specific legal obligations e.g. the requirement to maintain records of personal data and processing activities.
The processor will have legal liability if responsible for a breach.
The controller is not relieved of the obligations if a processor is involved and is responsible to ensure that the contracts with processor are GDPR compliant.
GDPR applies to personal data processing carried out by organisations operating within the EU.
GDPR also applies to organisations outside the EU that offer goods or services to individuals in the EU.

What information does the GDPR apply to?

The GDPR applies to ‘personal data’ which means any information relating to an identifiable person who can be directly or indirectly identified in particular by reference to an identifier.
Personal data, includes name, email, id number, location data or online identifier, etc.
The GDPR applies to both automated personal data and to manual filing systems where personal data are accessible according to specific criteria.
This could include chronologically ordered sets of manual records containing personal data.
Personal data that has been pseudonymised can fall within the scope of the GDPR depending on how difficult it is to attribute the pseudonym to a particular individual.
The GDPR refers to sensitive personal data as “special categories of personal data” (see Article 9).
The special categories specifically include genetic data, and biometric data where processed to uniquely identify an individual.

What are the professional qualities that the Data Protection Officer should have?

The DPO shall be designated on the basis of professional qualities and, in particular, expert knowledge of data protection law and practices and the ability to fulfil his or her tasks. The necessary level of expert knowledge should be determined according to the data processing operations carried out and the protection required for the personal data being processed.

For example, where a data processing activity is particularly complex, or where a large amount of sensitive data is involved, the DPO may need a higher level of expertise and support.

Relevant skills and expertise include:

expertise in national and European data protection laws and practices including an in-depth understanding of the GDPR
understanding of the processing operations carried out
understanding of information technologies and data security
knowledge of the business sector and the organisation
ability to promote a data protection culture within the organisation

Source: Article 37(5) of the GDPR

iPrivacy

Contact Us Now!