PRIVACY & DATA PROTECTION
Consultancy on Data Protection
Scope of the service:
Data protection regulations oblige controllers and processors to appoint the Data Protection Officer (DPO) in order to:
- inform and advise the controller or the processor and the employees who carry out processing of their obligations pursuant to this Regulation and to other Union or Member State data protection provisions.
- monitor compliance with data protection provisions and with the policies of the controller or processor in relation to the protection of personal data, including the assignment of responsibilities, awareness-raising and training of staff involved in processing operations, and the related audits.
- provide advice where requested as regards the data protection impact assessment and monitor its performance.
- cooperate with the supervisory authority.
- act as the contact point for the supervisory authority on issues relating to processing, including the prior consultation, and to consult, where appropriate, with regard to any other matter
Regulations:
- European Union under Article 37 of the Regulation (EU) 2016/679
- United Kingdom under Article 69 of the Data Protection Act 2018
- Republic of San Marino persuant to Article 38 of the Law 171/2018
- Swiss Confederation under Article 10 of the FADP – Federal Act on Data Protection
- People’s Republic of China under Article 52 of the PIPL – China’s Personal Information Protection Law
Administrative fines:
Should the controller or processor fail to comply with this obbligation, administrative fines will be imposed by the national supervisory authority according to the legislation in force:
- European Union up to 10 000 000 EUR, or up to 2 % of the turnover pursuanto to Article 83 (4) (a) Regulation (EU) 2016/679
- United Kingdom up to £8,700,000 (approx. euro 10,000,000) or up to 2 % of turnover under section 157 of the Data Protection Act 2018
- Republic of San Marino up to euro 5,000,000 or up to 2% of turnover pursuant to Article 72 of the Law 171/2018
- Swiss Confederation up to CHF 250,000 (approx. euro 250,000) pursuant to Article 60 of the FADP – Federal Act on Data Protection
- People’s Republic of China up to RMB 50,000,000 (approx. euro 6,500,000) or up to 5 % of turnover under Article 66 of the PIPL – China’s Personal Information Protection Law
Service:
Thanks to its companies in the above-mentioned legislations, 365TRUST can offer the service of Data Protection Officer (DPO) with the advantage, for the company, of signing a single contract saving time and money in the management of that obbligation.