GDPR Compliance Services Bangladesh
"Privacy by Design" has always been at the core of all Quantic Dynamics services. Now it needs to be at the core of yours if you do business in the European Union.
What is GDPR, why is it needed, and what are the requirements?

What is GDPR?

At its core, GDPR is a new set of rules designed to give EU citizens more control over their personal data. It aims to simplify the regulatory environment for business so both citizens and businesses in the European Union can fully benefit from the digital economy.

If your company does any form of trade with customers within the EU, then GDPR rules will apply to you.

Failure to comply could result in organizations being fined up to 20 million euros or four percent of annual global turnover – whichever is higher.

Why is the GDPR needed?

Data breaches happen. Information gets lost, stolen or otherwise released into the hands of people who were never intended to see it, and those people often have malicious intent.

Under the terms of GDPR, not only will organizations have to ensure that personal data is gathered legally and under strict conditions, but those who collect and manage it will be obliged to protect it from misuse and exploitation, as well as to respect the rights of data owners or face penalties for not doing so.

Will the GDPR impact my company?

The short answer is that if your company does any form of trade with customers within the EU, then GDPR rules will apply to you. To ensure that your business is GDPR compliant, it is essential that you review your consent policies and procedures to verify that these meet the new higher standards.

The risk to your company? High levels of fines as well as damage to your brand and reputation.

What are the new requirements?

Privacy by Design – Privacy by Design (PbD) has always played a part in EU data regulations. But with the new law, its principles of minimizing data collection and retention and gaining consent from consumers when processing data are more explicitly formalized.

Data Protection Impact Assessments (DPIA) – When certain kinds of data associated with data subjects are to be processed, companies will first have to analyze the risks to those subjects' privacy. This is another new requirement in the regulation.

Right to Erasure and To Be Forgotten – There has been a long-standing requirement in the DPD allowing consumers to request that their data be deleted. The GDPR extends this right to include data published on the web. This is the still-controversial right to stay out of the public view and "be forgotten".

Extraterritoriality – The new principle of extraterritoriality in the GDPR says that even if a company doesn't have a physical presence in the EU but collects data about EU data subjects — for example, through a website — then all the requirements of the GDPR are in effect. In other words, the new law extends outside the EU. This will especially affect e-commerce companies and other cloud businesses.

Breach notification – A new requirement not in the existing DPD is that companies will have to notify data protection authorities within 72 hours after a breach of personal data has been discovered. Data subjects will also have to be notified, but only if the breach poses a "high risk to their rights and freedoms".

Fines – The GDPR has a tiered penalty structure that will take a large bite out of offenders' funds. More serious infringements can merit a fine of up to 4% of a company's global revenue. This can include violations of basic principles related to data security — especially PbD principles. A lesser fine of up to 2% of global revenue — still enormous — can be issued if company records are not in order or if a supervisory authority and data subjects are not notified after a breach. This makes breach notification oversights a serious and expensive offense.

Our Service Process

We understand the new GDPR requirements and can make sure that your organization complies with them. You won't need to know the letter of the regulation and risk fines for misunderstanding or misinterpreting it, because you will have used our services to turn complex legislation into simple implementation plans.

Informative

Provides an accurate snapshot of organizational readiness to comply with GDPR.

Risk responsive

Outlines key risks of non-compliance if completion by 2018 cannot be achieved.

Executive level plan

Highlights current risks and necessary steps in executive-level terms.

Road-map

Provides a clear high-level plan and road-map for achieving full compliance.

Cost-effective

Identifies areas requiring immediate attention, and cost-effective remediation solutions, in prioritized terms.

Concise

Supports business case definition and GDPR remediation planning.

What can we do
  • It is important that the whole organization is on board. We will explain clearly to your management and wider teams what GDPR is and the impact it could have on your organization. For some more complex businesses, this could have a significant resource implication, so it's important to act now.

  • We will carry out an ‘information audit’ to document what information you hold, where it came from and who you share it with. This will be important to comply with the GDPR accountability principle after 25th May.

  • We will review your current privacy notices and update them to comply with the new legislation.

  • We will review your procedures to ensure they cover all the rights individuals have, for example how you would delete personal data should this be requested. Do your current systems allow you to do this easily?

  • We will review and update your procedures for subject access requests, and plan how you will handle these requests under the new rules.

  • We will help you identify the lawful basis under the GDPR for each of your processing activities, document it, and update your privacy notice to explain it.

  • We will review how you seek, record and manage consent and whether you need to make any changes. We will advise on refreshing existing consents now if they don't meet the GDPR standard.

  • If your organization offers online services to children and collects their data, parental consent may be required and privacy notices will need to be updated and written in a way children can understand. We can assist with this.

  • The GDPR introduces a duty on all organizations to report certain types of data breach to the ICO and, in some cases, to the affected individuals. We can help ensure you have the right procedures in place to detect, report and investigate a personal data breach.

  • It has always been good practice to adopt a privacy by design approach and to carry out a Privacy Impact Assessment (PIA) as part of this. However, the GDPR makes privacy by design an express legal requirement, under the term 'data protection by design and by default'. It also makes PIAs – referred to as 'Data Protection Impact Assessments' or DPIAs – mandatory in certain circumstances. We can help you assess the situations where it will be necessary to conduct a DPIA, who will carry it out, and who else needs to be involved.

  • Some types of organization are required to designate a Data Protection Officer who takes proper responsibility for data protection compliance and has the knowledge, support and authority to carry out the role effectively. We can assist in identifying where this role should sit within your organizational structure and train the relevant members of staff taking on this role.

  • If your organization operates in more than one EU member state, we can help determine your lead data protection supervisory authority and document this.

  • It is important to note that the GDPR covers all staff data, as well as customer data. We also have specialist consultants who can advise on HR practices and policies.
