Scope of the service:

Data Protection regulations oblige controllers and processors to comply with the principles laid down if personal data is processed within those territories.

All companies that process personal data via their own website or application (e-commerce, app, web-app, home banking, etc.) have to comply with the requirements.

Regulations:

• European Union under Regulation (EU) 2016/679
• United Kingdom under the Data Protection Act 2018
• Republic of San Marino persuant to Law 171/2018
• Swiss Confederation under the FADP – Federal Act on Data Protection
• People’s Republic of China under the PIPL – China’s Personal Information Protection Law
• Turkey under Law 6698/20216 PDPL
• Egypt pursuant to Law 151/2020 PDPL

Service:

Thanks to its companies in the above-mentioned legislations, 365TRUST can offer the necessary advice to comply with the current regulations with the advantage, for the company, of signing a single contract saving time and money in the management of these obbligations.

We support companies in the following activities:

• Pre-audit to assess the level of compliance
• Adaptation plan to achieve compliance
• Compliance maintenance programme
• Coaching of company’s personnel
• Assessment of the risks
• Data protection impact assessment
• Privacy Policy
• Designation of the Processor
• Instrument of appointment as a person authorised to process
• Prior consultation to the national Supervisory Authority 
• Responding to data subjects in exercising their rights
• Management of personal data breaches
• Procedures on data protection
• Privacy by design & by default
• E-commerce and websites adaptation
• Application software adaptation

Administrative fines:

Should the controller or processor fail to comply with this obbligation, administrative fines will be imposed by the national supervisory authority according to the legislation in force:

• European Union up to 20 000 000 EUR, or up to 4 % of the turnover pursuanto to Regulation (EU) 2016/679
• United Kingdom up to £17,500,000 (approx. euro 20,000,000) or up to 4 % of turnover under section 157 of the Data Protection Act 2018
• Republic of San Marino up to euro 10,000,000 or up to 4 % of turnover pursuant to Law 171/2018
• Swiss Confederation up to CHF 250,000 (approx. euro 250,000) pursuant to the FADP – Federal Act on Data Protection
• People’s Republic of China up to RMB 50,000,000 (approx. euro 6,500,000) or up to 5 % of turnover under the PIPL – China’s Personal Information Protection Law
• Turkey up to TL 1,000,000 (approx. euro 35,000) pursuant to Law 6698/20216 PDPL
• Egypt up to EGP 5,000,000 (approx. EUR 150,000) pursuant to Law 151/2020 PDPL