Data Protection Consultation at KINAST
General Data Protection Regulation
The General Data Protection Regulation (GDPR) is a set of rules that unifies the way personal data is processed by controllers across the EU. The goal of this regulation is to protect people’s privacy rights and ensure that their data is handled in a safe, secure, and responsible manner.
What is the GDPR?
The European General Data Protection Regulation (GDPR) is an EU regulation that has been in force since May 25th, 2018, and regulates the protection of personal data in the EU and the EEA. The regulation lays down rules related to the protection of natural persons, so-called data subjects, with regard to the processing of personal data and rules related to the free movement of personal data within the EU.
The GDPR's primary purpose
As it protects fundamental rights and freedoms of individuals, the GDPR is a component of privacy law and of human rights law in the EU and EEA. Its primary regulatory purpose is to enhance individuals’ control and rights over their personal data and to regulate international data transfers from the EU to countries outside the EU and EEA.
Full service GDPR compliance
Our five steps to success:
Introduction of your company and KINAST as well as the relevant contact persons. Discussion of the current data protection setup and most important data protection topics.
We conduct a data protection audit on-site or based on questionnaires to evaluate the current data protection status of your company.
We document the current data protection status and define further required actions if necessary.
We carry out all necessary measures identified during the data protection audit.
Designation as External Data Protection Officer and ongoing consultation starting from day 1.
How does the GDPR impact businesses?
GDPR is the most significant change to data protection law in two decades, and it impacts businesses in a number of ways. Firstly, companies must obtain explicit consent from their customers before collecting, storing or using their personal data. They must also provide clear and concise information about their rights under GDPR, and ensure that customers can easily withdraw their consent if they no longer want their data to be processed.
Furthermore, companies are required to implement adequate security measures to protect the personal data of their customers, and report any breaches promptly. Non-compliance with GDPR can result in heavy fines.
GDPR compliance in your international company or corporation, guaranteed.
To really guarantee your GDPR compliance, we recommend our full-service External Data Protection Officer. To ensure timely and cost-effective execution of the necessary data protection measures, we’ve developed our own concept based on a three-point plan:
As a first step, we carry out a risk assessment in your company. We carry out the risk assessment either on-site or remotely. Based on the findings, we prepare a report that documents the degree of compliance with data protection standards. Furthermore, the report identifies any vulnerabilities, proposes suitable measures to remedy those vulnerabilities, defines responsibilities and sets a timetable for the implementation of these measures.
In the next step, we implement the measures identified in the risk assessment. In doing so, we attach great importance to tying up your internal resources as little as possible.
Finally, as an External DPO, we permanently support your company regarding all aspects of data protection. In this role, we ensure ongoing compliance with legal standards, the adaptation of procedures to the requirements of new laws and the consideration of current changes in internal processes.
Reasons to choose the KINAST legal team for international data protection and GDPR consultation
We have more than fifteen years’ experience in advising enterprises, international companies, groups of companies as well as small and medium-sized companies on data privacy issues and related areas of law. Our know-how covers international data transfer mechanisms, implementation of data privacy management systems and harmonization of different data privacy requirements that apply to multinational companies.
Our approach is to anticipate and tackle each new requirement in the world of data privacy and a legal landscape that is constantly changing. We are able to find pragmatic solutions that not only meet the legal requirements, but also the business needs.
Keep your business on the right track when it comes to GDPR compliance
Maintaining GDPR compliance is an ongoing challenge as the legal landscape is constantly changing. With our know-how and expertise, our clients can tackle every new legal challenge in data privacy, such as international data transfer assessments as well as hardware devices and the use of Artificial Intelligence (AI).
Feel free to contact us today for a free, no obligation consultation.
Frequently asked questions
We understand that many clients still have questions about the GDPR and international data protection law. We’ve answered some of the most frequently asked questions here. If you have more specific or specialist questions, feel free to contact us, and one of our Lawyers or Data Protection Officers will get back to you as soon as possible.
The GDPR is an EU law that was implemented on May 25th, 2018, and requires organizations to safeguard personal data and uphold the privacy rights of anyone in EU territory.
In general, any organization that processes the personal data of EU citizens must comply with the GDPR.
The GDPR enables regulatory authorities in each EU member state to issue sanctions and fines to organizations they find in violation of GDPR requirements. The maximum penalty is € 20,000,000 or 4 % of global revenue, whichever is higher. Regulators can also issue sanctions, such as bans on data processing or public reprimands.
Companies can comply with the GDPR by implementing technical and organizational measures to protect the personal data they control. The first step is to conduct a GDPR assessment to determine what personal data they control, where it is located, and how it is secured. Companies also need to adhere to the privacy principles outlined in the GDPR, such as having valid legal bases in place when processing personal data, for instance, obtaining consent. It may also be required to appoint a DPO.