Data Protection Consultation at KINAST
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a set of rules that unifies the way personal data is processed by controllers across the EU. The goal of this regulation is to protect people’s privacy rights and ensure that their data is handled in a safe, secure, and responsible manner.
- Ad hoc legal consultation
- Individual, efficient solutions
- Data inventory service
- Contract drafting
- Transparent Pricing Structure
The basics:
What is the GDPR?
The European General Data Protection Regulation (GDPR) is an EU regulation, in force since May 25th, 2018, that governs the protection of personal data in the EU and the EEA. The regulation lays down rules related to the protection of natural persons, so-called data subjects, with regard to the processing of personal data, and rules related to the free movement of personal data within the EU.
The GDPR's primary purpose
As it protects the fundamental rights and freedoms of individuals, the GDPR is a component of privacy law and of human rights law in the EU and EEA. Its primary regulatory purpose is to enhance individuals’ control and rights over their personal data and to regulate international data transfers from the EU to countries outside the EU and EEA.
The GDPR provisions have 'extraterritorial' effect.
That means the GDPR also applies to companies established outside of the EU/EEA when they process personal data of individuals who are located in the EU.
Full service GDPR compliance
Our five steps to success:
- Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and the most important data protection topics.
- We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
- We document the current data protection status and define further required actions if necessary.
- We carry out all necessary measures identified during the data protection audit.
- Designation as External Data Protection Officer and ongoing consultation starting from day 1.
How does the GDPR impact businesses?
GDPR is the most significant change to data protection law in two decades, and it impacts businesses in a number of ways. Firstly, companies must obtain explicit consent from their customers before collecting, storing or using their personal data. They must also provide clear and concise information about their rights under GDPR, and ensure that customers can easily withdraw their consent if they no longer want their data to be processed.
Furthermore, companies are required to implement adequate security measures to protect the personal data of their customers, and report any breaches promptly. Non-compliance with GDPR can result in heavy fines.
GDPR breakdown:
- International Data Flow
- Standard Contractual Clauses
- Binding Corporate Rules
- Transfer Impact Assessment
- Data Breach Management
Non-Compliance can be costly!
Non-compliance with GDPR can result in heavy fines. Companies that do not comply with GDPR law can be fined up to 4% of their global annual revenue or €20 million (whichever is greater), and individual data controllers can be fined up to €10 million. These fines are designed to incentivize companies to become compliant with GDPR, and failure to do so could have serious financial consequences.
GDPR compliance in your international company or corporation, guaranteed.
To really guarantee your GDPR compliance, we recommend our full service External Data Protection Officer. To make the execution of necessary data protection measures as timely and cost-effective as possible, we’ve developed our own concept based on a three-point plan:
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In the next step, we implement the measures identified within the framework of the risk assessment. In doing so, we take great care to tie up as few of your internal resources as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. In this way, we ensure ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Reasons to choose the KINAST legal team for international data protection and GDPR consultation
We have more than fifteen years’ experience in advising enterprises, international companies, groups of companies as well as small and medium-sized companies on data privacy issues and related areas of law. Our know-how covers international data transfer mechanisms, implementation of data privacy management systems and harmonization of the different data privacy requirements that apply to multinational companies.
Our approach is to anticipate and tackle each new requirement in the world of data privacy and a legal landscape that is constantly changing. We are able to find pragmatic solutions that not only meet the legal requirements, but also the business needs.
Expertise
We are an experienced team of lawyers with many years of experience and knowledge in data protection law, data security and as DPOs.
Practical experience
Due to many years of practical experience we know companies "from the inside". In colloquial terms, you should be able to "live what we advise".
IT affinity
Regardless of existing or new IT systems, our attorneys have a profound technical understanding and advise you accordingly.
Cost transparency
We work on the basis of fixed hourly contingents, keeping pricing simple and manageable.
Guaranteed legality
We are not only outstanding data protection officers, but also experienced lawyers.
Individual solutions
We do not work "off the peg", but offer tailor-made concepts, specifically for your business.
Efficient organisation and communication
Our solutions place a high priority on open communication, transparent project management and defined goals.
Drafting of legal documents
We draft guidelines, work instructions, operating and service agreements, declarations of consent and commitment, lists of procedures and contracts on a daily basis.
Personality and continuity
We do not provide you with just any resource, but with the right colleague for you – permanently and without unpleasant changes.
Keep your business on the right track when it comes to GDPR compliance
Maintaining GDPR compliance is an ongoing challenge as the legal landscape is constantly changing. With our know-how and expertise our clients can tackle every new legal challenge in data privacy, such as international data transfer assessments as well as hardware devices and the use of Artificial Intelligence (AI).
Feel free to contact us today for a free, no obligation consultation.
Frequently asked questions
We understand that many clients still have questions about the GDPR and international data protection law. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.
The GDPR is an EU law that has applied since May 25th, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.
In general, any organization that processes the personal data of EU citizens must comply with the GDPR.
The GDPR enables regulatory authorities in each EU member state to issue sanctions and fines to organizations they find in violation of GDPR requirements. The maximum penalty is € 20,000,000 or 4 % of global revenue, whichever is higher. Regulators can also issue sanctions, such as bans on data processing or public reprimands.
Companies can comply with the GDPR by implementing technical and organizational measures to protect the personal data they control. The first step is to conduct a GDPR assessment to determine what personal data they control, where it is located, and how it is secured. Companies also need to adhere to the privacy principles outlined in the GDPR, such as having a valid legal basis in place when processing personal data, for instance, obtaining consent. It may also be required to appoint a DPO.