GDPR and businesses
Data protection concerns continue to gain momentum for the entry into force on May 25th of 2018 of the general data protection (GDPR).
This enthusiasm is mainly due to the sanctions that can now be imposed by the national supervisory authorities. Indeed, they have a wide range of possible actions including the imposition of an administrative fine of up to 4% of the total worldwide annual turnover of the preceding financial year, whichever is higher.
The changes brought about by the GDPR can be summarized as follows:
- Broadening of the scope of application; for example, categories of data controller previously exempted from certain obligations are no longer so, for example non-profit organizations;
- Extension of the rights of the data subject;
- Extension of the obligations of the data controller;
- Disappearance of the prior notification to the Belgian Privacy Commission (Belgian authority);
- Obligation to draft special documents under strict conditions;
- Conversion of the Belgian Privacy Commission into a genuine national supervisory authority with a real power of action, including that of imposing large fines;
- Creation of a new position as Data Protection Officer;
- Conditioned faculty to choose the supervisory authority that the company depends on (one-stop-shop), etc.
Thanks to a master degree in privacy issues and to my professional experience both as a lawyer and as a researcher, I help you assess your needs as to meet the requirements of the European legislation.
My offer is varied and flexible and includes following services:
- Audit your company by means of a questionnaire and/or visits to your offices which allow to determine and analyse data flows, categories of data, data quality, different processing of personal data, implementation of the rights of the data subject;
- Draft various documents such as statement of your company’s privacy policy, code of conduct, data collection form, consent collection form, general documentation, privacy impact assessment, report on the data protection officer, record of processing activities, record of violations ;
- Assume the position of Data Protection Officer or verify that the legal requirements for holding the position are met; when appropriate, assisting the data protection officer who has been appointed internally for specific issues;
- Facilitate critical transitions regarding data protection such as set up loyalty program, monitoring program by geolocation or not, a commercial site (e-commerce) ;
- Represent your company in litigation before the courts but also in the context of contacts with the supervisory authority, etc.