GDPR

Fundamentally, data plays a important role in almost all aspects of our lives. Your name, (email)address, credit card number and more are collected, analyzed or stored by organizations. Under the new GDPR terms, organizations will have to ensure that all these personal data is gathered legally and under strict conditions and that those who collect and manage the data are obliged to protect it from misuse and exploitation.

According to the GDPR organizations need to understand the difference between data controllers and data processors. The data controller determines the purposes for which and the means by which personal data is processed and therefore decides ‘why’ and ‘how’ the personal data should be processed. The data processor is normally a third external party and processes personal data on behalf of the controller. The duties of the processor towards the controller should be specified in a contract: the so called data processing agreement.

The GDPR introduces the requirement for a personal data breach to be notified to the national supervisory authority. Although you may have taken every step necessary to minimalize risk, breaches are unfortunately never hundred percent preventable. Controllers and processors are therefore encouraged to plan ahead to be able to detect and immediately end a breach and to determine whether it is necessary to notify the competent supervisory authority and the individuals involved.

Failure to comply with the requirements of the GDPR can lead to high fines. To prevent that from happening Kiwa can help organizations in information and privacy security, with assessments, audits and certifications.