The Advice Service on the implementation of Regulation (EU) 2016/679, known as GDPR (General Data Protection Regulation), is designed to help organisations understand, implement and maintain compliance with European data protection regulations.
The Regulation, applicable from 25 May 2018, establishes strict rules for the processing of personal data and gives individuals new rights.
Objectives
- Understand the GDPR: Provide a clear understanding of the provisions of the GDPR and their impact on business activities.
- Implement Compliance Systems: Assist organisations in developing and implementing policies, procedures and systems to ensure compliance with the GDPR.
- Personal Data Protection: Ensure that personal data is handled securely and in compliance with regulations.
- Preparing for Audits: Prepare organisations for possible audits by data protection authorities.
- Promoting a Culture of Privacy: Encourage a work environment that values the protection of personal data and privacy.
Modalities
- Preliminary Assessment:
  - Current State Assessment: Analysis of current personal data management practices, identification of gaps and areas of non-compliance.
  - Data Mapping: Mapping of data flows within the organisation to understand how data is collected, used, stored and shared.
- Development of Policies and Procedures:
  - Data Protection Policies: Drafting and implementing data protection policies that comply with GDPR requirements.
  - Operational Procedures: Development of operational procedures for the management of personal data, including procedures for handling requests from data subjects (e.g. access, rectification, deletion).
- Implementation of Security Measures:
  - Technical and Organisational Measures: Identification and implementation of appropriate technical and organisational security measures to protect personal data.
  - Breach Management Plans: Creation of plans and procedures for handling personal data breaches, including notification of data protection authorities and data subjects.
- Training and Awareness Raising:
  - Training Programmes: Design and implementation of training programmes for staff on GDPR principles and data protection best practices.
  - Awareness Campaigns: Internal campaigns to promote a culture of privacy and raise employee awareness of the importance of data protection.
- Ongoing Support and Monitoring:
  - Periodic Audits: Conducting periodic audits to verify compliance with the GDPR and identify any improvements.
  - Regulatory Updates: Monitoring regulatory changes and updating data protection policies and procedures according to new directives.
Benefits
- Regulatory Compliance: Ensure your organisation complies with GDPR requirements, reducing the risk of fines and penalties.
- Personal Data Protection: Improve the protection of personal data, reducing the likelihood of breaches and security incidents.
- Credibility and Trust: Increase the trust of customers, partners and stakeholders in the organisation’s ability to protect personal data.
- Operational Efficiency: Improve operational efficiency through the adoption of standardised data management processes and procedures.
- Risk Reduction: Mitigate the legal and reputational risks associated with inadequate management of personal data.
Tools used
- Compliance and Monitoring Software: Tools for monitoring and managing GDPR compliance.
- Documentation: Procedures and records for managing personal data.
- Training Platforms: Online tools and materials for employee training and awareness.
- Monitoring Dashboard: Tools to monitor compliance activities and verify the effectiveness of data protection policies.
Final Considerations
The advisory service proposed by 365TRUST on the implementation of Regulation (EU) 2016/679 is essential for organisations that process personal data and wish to comply with European data protection legislation. Through targeted advice and the implementation of effective policies, procedures and security measures, organisations can protect personal data, improve their regulatory compliance and promote a culture of privacy.