In 2016 the EU adopted the General Data Protection Regulation (GDPR), replacing the 1995 Data Protection Directive. The European Commission has said that 90% of Europeans say they want the same data protection across the EU, regardless of where their data is processed. The reform of EU data protection rules means people have more control over their personal data and businesses benefit from a level playing field.
These changes, which came into effect in May 2018, reflect an increased focus by the European Commission on data protection. The GDPR means one set of rules for all companies operating in the EU, wherever they are based. The following steps outline some of the key areas you should consider to help you prepare for the road ahead.
The GDPR requires your third-party processors and joint controllers to be compliant. Businesses are required to review all contractual arrangements to understand where Personal Data is shared and stored and whether this data is ever transferred outside of the European Union.
How can KPMG help assess your third party processors and joint controllers?
KPMG have developed a Data Processor Assessment Model to analyse and evaluate your business' Third Party Processors and Joint Controllers. Our Model has been specifically designed to assess 'Organisational and Technical' security measures against six different domains.
The GDPR gives Data Subjects several more rights, and therefore gives businesses additional responsibility when it comes to the processing of Personal Data. Firms should have Policies and Procedures outlining how to manage data requests.
How can KPMG help?
KPMG can offer a technology-enabled solution to meet your needs, increasing your business's efficiency in managing and responding to Data Subject rights requests. We provide solutions that support key Data Subject Request activities, importantly integrating with your existing processes and technologies to increase efficiencies in responding to requests.
The GDPR requires businesses to build data protection safeguards into their products and services from the earliest stages of development. By implementing appropriate safeguards and controls, data protection comes by default.
Are your safeguards and controls robust?
KPMG's safeguard and control assessment helps businesses to identify gaps and risks and to pinpoint areas of vulnerability within your business. Our teams create solutions to minimise risks and work with the business to implement these controls.