Protection of personal data (GDPR) has become a security imperative, governed by the Law on Personal Data Protection (“Official Gazette of RS”, No. 87/2018) and by the European Union's new legal framework, the General Data Protection Regulation (GDPR), which entered into application on May 25, 2018 and is binding for the member states of the European Union, but also for companies outside the EU that do business with member states.
What has accelerated the adoption of such a regulation is the fact that over 80% of security incidents involving data loss occur due to negligence, ignorance and a lack of security culture among employees. Such damage can be prevented by adequate and continuous education, as well as by other procedural and preventive measures, a step that most companies and organizations often overlook or skip.
What do the Personal Data Protection Act and the GDPR regulation bring?
The Law on Personal Data Protection and the European Union's Regulation on Personal Data Protection (GDPR) represent a new balance that has gained regulatory meaning, and it is necessary to point out that this regulation creates a need to revise the business models and strategies of European and non-European companies that offer their services and goods in the EU. The regulatory changes brought by the GDPR relate to changes in traditional security approaches and legal institutes, but also to the introduction of new business rules and improved security strategies.
One of the most controversial facts related to the GDPR is that every entity that operates or has a registered residence in the territory of the European Union is subject to this legislation. In practice, this means that anyone in contact with user information (from email addresses to credit card information) must comply with the provisions of the GDPR. What is new in this regulation is that the user regains the right to his own information, through the possibility of requesting the deletion of his data from all digital services of the company or institution to which the data was entrusted for safekeeping.
Pursuant to the legal regulations, a legal entity is obliged to obtain the written consent of a natural person for processing and handling his personal data, which includes personal name, unique personal identification number of citizens, passport or ID card number, email address, bank account, address and other characteristics of psychological, religious, economic, cultural or social identity.
In the event of a compromise or complete loss of clients' personal data where the company's direct responsibility is established, the sanctions for such omissions are extremely high and range up to 4% of annual turnover. Further business may therefore be in question, because the budget of a small or medium enterprise can rarely survive such an incident.
The Personal Data Protection Act and the GDPR regulation primarily refer to:
- Storage and warehousing of user data and personal information.
- Use of personal devices (mobile phones, external memories, USB sticks, social network profiles, etc.) on the business network.
- Business correspondence (e-mail communication to verified and unverified contacts).
- Introduction of security procedures and protocols that will regulate the way of handling and processing user data within the company.
- Constant education of employees on the topic of cyber risk, cyber security, data storage and current regulations.
- Improvement and internal promotion of security culture as the best preventive measure.
Our services include:
- Audits and assessments of regulatory and legal compliance.
- Advisory and consulting services for the implementation of the ZZPL / GDPR regulation.
- GAP analysis and mapping of personal data.
- DPIA (Data Protection Impact Assessment).
- Data Protection Officer (DPO).
- Implementation of organizational – technical measures and procedures for data protection.
- Security Incident and Violation Management.
- Rapid response, damage reporting and remediation services.
- Training, education, and testing of employees in the field of ZZPL / GDPR.
- Providing software for monitoring compliance with the GDPR regulation.
- Industrial-business codes and best practices.
- Assessment of the impact of processing on the protection of personal data.