The General Data Protection Regulation (GDPR) replaces the current European Data Protection Directive in May 2018.
The current directive has been implemented in national legislation since 1998. Several of the changes are challenging and important for organizations doing business within the European Union. The sanctions can be up to 4% of the revenue of the organization.
These are the parts of the new directive that affect your business:
- For handling privacy information there must be legal grounds or active consent
- Systems must be designed to handle a minimum of privacy data – Privacy by Design
- Citizens have the right to be forgotten as well as having a copy of their data extracted and sent to them
- An incident should be reported within 72 hours after detection
- Larger organizations that process privacy data must appoint a Data Privacy Officer
Zacco have the capability to support your compliance effort with specialist competence in privacy law, information security and software systems.
We have a strong team of compliance program managers and specialists who have implemented privacy requirements, payment card industry standards and Sarbanes-Oxley compliance.
Our team also includes system architects and integration specialists able to re-design and rebuild your system landscape in order to support compliance and Privacy-by-Design.