GDPR Compliance and Consultancy

Comprehensive assessment of GDPR compliance for your company’s websites and applications. Our experts will develop an action plan for you to reach compliance and thereby avoid high fines.

What is GDPR?

The GDPR (General Data Protection Regulation) is a new European Union law, designed to enhance data protection for EU residents and provide a consolidated framework to guide business use of personal data across the member states.

On 25 May 2018, the GDPR comes into effect, replacing the patchwork of existing regulations and frameworks, in particular the 20-year-old Directive 95/46/EC.

The reach of the GDPR extends beyond the Directive it replaces. Your business must comply with GDPR if:

  • your company offers services and/or goods to EU residents, and/or
  • your company monitors the behavior of EU residents, and/or
  • your company has employees in the European Union.

As a consequence, any website or application with any EU visitors, customers or users must comply with the GDPR. It is important to stress that an EU resident is anyone physically residing in the EU, even if they are not an EU citizen.

It is also important to remember that the GDPR defines personal data in rather broad terms. Even a work email address can be considered personal data, so a web form collecting such emails must be GDPR-compliant.

What are the risks of non-compliance?

The penalty for non-compliance is up to €20 million, or up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.

There are also other consequences of GDPR violations, including loss of trust, damage to brand and legal fees associated with responding to a formal inquiry from Supervisory Authorities.

These authorities have both investigative and corrective powers. Supervisory Authorities are able to:

  • carry out an audit of your website and/or application,
  • issue warnings for non-compliance,
  • issue corrective measures with deadlines.

Why is GDPR compliance so hard?

The GDPR provides many protections for individual rights, including:

  • right to access,
  • right to data portability,
  • right to erasure,
  • right to information,
  • right to object,
  • right to rectification,
  • right to restrict processing.

To receive and accommodate requests relating to these rights, new processes and technological features may have to be created within your websites and/or applications.

Also, if your business involves regular and systematic monitoring of data subjects on a large scale, or you process special categories of personal data on a large scale, a Data Protection Officer (DPO) must be appointed in your organization.

These new requirements raise the bar well above the current privacy practices of most companies, making GDPR compliance very hard for smaller companies that lack dedicated legal and IT teams.

How can Matsuu help you achieve GDPR compliance?

We want to make sure that your website and/or mobile application is compliant with GDPR. In order to achieve this, we will:

  1. perform a compliance and security audit to reveal how personal data is being processed and stored on your servers (or in the cloud),
  2. analyze the processes of breach detection and notification (under the GDPR, a notification must be sent within 72 hours of becoming aware of a breach),
  3. adjust the user interface to ensure that explicit consent is obtained from users before their data is processed,
  4. help you establish a safe policy for data processing and data storage,
  5. develop the code needed to provide users the right to access data, the right to erase data (to be forgotten) and the right to download data (data portability clause),
  6. resolve other GDPR compliance issues detected during our preliminary audit,
  7. help with appointing a Data Protection Officer for your organization (if needed),
  8. introduce additional security measures for special categories of data (if needed),
  9. perform a final audit of GDPR compliance,
  10. maintain ongoing compliance reporting for your website and/or application.

We know that the GDPR is a complex regulatory law. Many smaller companies may be afraid that being compliant is an impossible task.

Have no fear – our experts will help you with all crucial pieces of the assessment, implementation, and maintenance of GDPR compliance.

Interested?

Write to us.